Action not permitted
Modal body text goes here.
cve-2021-44906
Vulnerability from cvelistv5
Published
2022-03-17 13:05
Modified
2024-08-04 04:32
Severity
Summary
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip | Exploit, Third Party Advisory |
cve@mitre.org | https://github.com/substack/minimist/blob/master/index.js#L69 | Exploit, Third Party Advisory |
cve@mitre.org | https://github.com/substack/minimist/issues/164 | Exploit, Issue Tracking, Patch, Third Party Advisory |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20240621-0006/ | |
cve@mitre.org | https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 | Exploit, Not Applicable, Patch, Third Party Advisory |
cve@mitre.org | https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068 | Issue Tracking, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:32:13.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" }, { "tags": [ "x_transferred" ], "url": "https://github.com/substack/minimist/blob/master/index.js#L69" }, { "tags": [ "x_transferred" ], "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" }, { "tags": [ "x_transferred" ], "url": "https://github.com/substack/minimist/issues/164" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:07:14.002611", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" }, { "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" }, { "url": "https://github.com/substack/minimist/blob/master/index.js#L69" }, { "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" }, { "url": "https://github.com/substack/minimist/issues/164" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44906", "datePublished": "2022-03-17T13:05:57", "dateReserved": "2021-12-13T00:00:00", "dateUpdated": "2024-08-04T04:32:13.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-44906\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-17T16:15:07.510\",\"lastModified\":\"2024-06-21T19:15:20.917\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).\"},{\"lang\":\"es\",\"value\":\"Minimist versiones anteriores a 1.2.5 incluy\u00e9ndola, es vulnerable a una Contaminaci\u00f3n de Prototipos por medio del archivo index.js, funci\u00f3n setKey() (l\u00edneas 69-95)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:substack:minimist:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.2.6\",\"matchCriteriaId\":\"ECC2AD41-AACB-437B-95EB-D382C8C33F94\"}]}]}],\"references\":[{\"url\":\"https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/substack/minimist/blob/master/index.js#L69\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/substack/minimist/issues/164\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://snyk.io/vuln/SNYK-JS-MINIMIST-559764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Not Applicable\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}" } }
wid-sec-w-2022-0417
Vulnerability from csaf_certbund
Published
2022-05-05 22:00
Modified
2023-04-12 22:00
Summary
Red Hat OpenShift Service Mesh: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh ausnutzen, um Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0417 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0417.json" }, { "category": "self", "summary": "WID-SEC-2022-0417 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0417" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1742 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02", "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2144-1 vom 2022-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011319.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2146-1 vom 2022-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011320.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2144-1 vom 2022-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011321.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1739 vom 2022-05-05", "url": "https://access.redhat.com/errata/RHSA-2022:1739" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5392 vom 2022-06-28", "url": "https://access.redhat.com/errata/RHSA-2022:5392" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5069 vom 2022-08-10", "url": "https://access.redhat.com/errata/RHSA-2022:5069" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6156 vom 2022-08-24", "url": "https://access.redhat.com/errata/RHSA-2022:6156" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06", "url": "https://access.redhat.com/errata/RHSA-2022:6835" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28", "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0612 vom 2023-02-06", "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "source_lang": "en-US", "title": "Red Hat OpenShift Service Mesh: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-04-12T22:00:00.000+00:00", "generator": { "date": "2024-02-15T16:49:34.669+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0417", "initial_release_date": "2022-05-05T22:00:00.000+00:00", "revision_history": [ { "date": "2022-05-05T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-05-08T22:00:00.000+00:00", "number": "2", "summary": "Pr\u00e4zisierung betroffenes Produkt" }, { "date": "2022-06-20T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-28T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-08-10T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-08-24T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-05T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-06T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-28T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-06T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-01T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "12" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat OpenShift Service Mesh \u003c 2.1.2.1", "product": { "name": "Red Hat OpenShift Service Mesh \u003c 2.1.2.1", "product_id": "T023122", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:2.1.2.1::service_mesh" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24771", "notes": [ { "category": "description", "text": "In Red Hat OpenShift Service Mesh existieren mehrere Schwachstellen. Diese treten in der Komponente \"node-forge\" und erm\u00f6glichen eine F\u00e4lschung der Signatur. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-05-05T22:00:00Z", "title": "CVE-2022-24771" }, { "cve": "CVE-2022-24772", "notes": [ { "category": "description", "text": "In Red Hat OpenShift Service Mesh existieren mehrere Schwachstellen. Diese treten in der Komponente \"node-forge\" und erm\u00f6glichen eine F\u00e4lschung der Signatur. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-05-05T22:00:00Z", "title": "CVE-2022-24772" }, { "cve": "CVE-2022-24773", "notes": [ { "category": "description", "text": "In Red Hat OpenShift Service Mesh existieren mehrere Schwachstellen. Diese treten in der Komponente \"node-forge\" und erm\u00f6glichen eine F\u00e4lschung der Signatur. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-05-05T22:00:00Z", "title": "CVE-2022-24773" }, { "cve": "CVE-2022-0235", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"node-fetch\" sowie \"follow-redirects\" und erm\u00f6glichen die Offenlegung von vertraulichen Informationen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-05-05T22:00:00Z", "title": "CVE-2022-0235" }, { "cve": "CVE-2022-0536", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"node-fetch\" sowie \"follow-redirects\" und erm\u00f6glichen die Offenlegung von vertraulichen Informationen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-05-05T22:00:00Z", "title": "CVE-2022-0536" }, { "cve": "CVE-2021-44906", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existiert eine Schwachstelle. In der Komponente \"minimist\" ist eine Prototype-Pollution m\u00f6glich. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "67646" ] }, "release_date": "2022-05-05T22:00:00Z", "title": "CVE-2021-44906" } ] }
wid-sec-w-2022-2366
Vulnerability from csaf_certbund
Published
2022-04-24 22:00
Modified
2022-12-19 23:00
Summary
HCL BigFix: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Informationen offenzulegen eine URL Redirection durchzuführen oder Code auszuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Informationen offenzulegen eine URL Redirection durchzuf\u00fchren oder Code auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2366 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2366.json" }, { "category": "self", "summary": "WID-SEC-2022-2366 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2366" }, { "category": "external", "summary": "HCL Article KB0102172 vom 2022-12-19", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102172" }, { "category": "external", "summary": "HCL Security Bulletin vom 2022-04-24", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097778" } ], "source_lang": "en-US", "title": "HCL BigFix: Mehrere Schwachstellen", "tracking": { "current_release_date": "2022-12-19T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:07:18.851+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2366", "initial_release_date": "2022-04-24T22:00:00.000+00:00", "revision_history": [ { "date": "2022-04-24T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-12-19T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von HCL aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "HCL BigFix", "product": { "name": "HCL BigFix", "product_id": "T017494", "product_identification_helper": { "cpe": "cpe:/a:hcltech:bigfix:-" } } }, { "category": "product_name", "name": "HCL Domino", "product": { "name": "HCL Domino", "product_id": "777623", "product_identification_helper": { "cpe": "cpe:/a:hcltech:domino:-" } } } ], "category": "vendor", "name": "HCL" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27764", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in HCL BigFix. \"NUMBER\"-Cookies werden ohne \"Secure\"- oder \"HTTPOnly\"-Flag gesetzt. Ein Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen" } ], "product_status": { "known_affected": [ "777623", "T017494" ] }, "release_date": "2022-04-24T22:00:00Z", "title": "CVE-2021-27764" }, { "cve": "CVE-2021-44906", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in HCL BigFix. Diese besteht aufgrund einer m\u00f6glichen Prototype Pollution \u00fcber die Funktion \"setKey()\" in \"index.js\". Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "777623", "T017494" ] }, "release_date": "2022-04-24T22:00:00Z", "title": "CVE-2021-44906" }, { "cve": "CVE-2022-0122", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in HCL BigFix. Ein Problem in \"Forge\" erm\u00f6glicht eine URL Redirection zu nicht vertrauensw\u00fcrdigen Sites." } ], "product_status": { "known_affected": [ "777623", "T017494" ] }, "release_date": "2022-04-24T22:00:00Z", "title": "CVE-2022-0122" }, { "cve": "CVE-2022-0155", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in HCL BigFix. Die Ursache ist ein Problem mit \"follow-redirects\". Ein Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzuelgen." } ], "product_status": { "known_affected": [ "777623", "T017494" ] }, "release_date": "2022-04-24T22:00:00Z", "title": "CVE-2022-0155" }, { "cve": "CVE-2022-0235", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in HCL BigFix. Ein Angreifer kann dieses Problem in \"node-fetch\" ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "777623", "T017494" ] }, "release_date": "2022-04-24T22:00:00Z", "title": "CVE-2022-0235" }, { "cve": "CVE-2022-0355", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in HCL BigFix. Ein Angreifer kann dieses Problem in \"simple-get\" ausnutzen, um Informationen offenzuelgen." } ], "product_status": { "known_affected": [ "777623", "T017494" ] }, "release_date": "2022-04-24T22:00:00Z", "title": "CVE-2022-0355" } ] }
wid-sec-w-2022-0901
Vulnerability from csaf_certbund
Published
2022-08-03 22:00
Modified
2023-02-06 23:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um die Vertraulichkeit, die Verfügbarkeit und die Integrität zu gefährden, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um die Vertraulichkeit, die Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0901 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0901.json" }, { "category": "self", "summary": "WID-SEC-2022-0901 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0901" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0612 vom 2023-02-06", "url": "https://access.redhat.com/errata/RHSA-2023:0612" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28", "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8524 vom 2022-11-17", "url": "https://access.redhat.com/errata/RHSA-2022:8524" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5892 vom 2022-08-03", "url": "https://access.redhat.com/errata/RHSA-2022:5892" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5893 vom 2022-08-03", "url": "https://access.redhat.com/errata/RHSA-2022:5893" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5894 vom 2022-08-03", "url": "https://access.redhat.com/errata/RHSA-2022:5894" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:5928 vom 2022-08-09", "url": "https://access.redhat.com/errata/RHSA-2022:5928" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6819 vom 2022-10-05", "url": "https://access.redhat.com/errata/RHSA-2022:6819" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6916 vom 2022-10-12", "url": "https://access.redhat.com/errata/RHSA-2022:6916" } ], "source_lang": "en-US", "title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-02-06T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:54:42.705+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0901", "initial_release_date": "2022-08-03T22:00:00.000+00:00", "revision_history": [ { "date": "2022-08-03T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-08-08T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-03T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates aufgenommen" }, { "date": "2022-10-05T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-12T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-17T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-11-28T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-06T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "8" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "JFrog Artifactory \u003c 7.46.3", "product": { "name": "JFrog Artifactory \u003c 7.46.3", "product_id": "T024764", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:7.46.3" } } } ], "category": "vendor", "name": "JFrog" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform \u003c 7.4.6", "product": { "name": "Red Hat JBoss Enterprise Application Platform \u003c 7.4.6", "product_id": "130262", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existiert eine Schwachstelle. Diese besteht im Modul \"minimist\" und ist auf eine Prototype Pollution zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Vertraulichkeit, die Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "67646", "T024764" ] }, "release_date": "2022-08-03T22:00:00Z", "title": "CVE-2021-44906" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existiert eine Schwachstelle. Diese besteht im Modul \"gson\" und ist auf eine unsichere Deserialisierung zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "67646", "T024764" ] }, "release_date": "2022-08-03T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform existiert eine Schwachstelle. Diese besteht im Modul \"netty\" und ist auf einen unzureichenden Schutz einer tempor\u00e4ren Datei zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen." } ], "product_status": { "known_affected": [ "67646", "T024764" ] }, "release_date": "2022-08-03T22:00:00Z", "title": "CVE-2022-24823" } ] }
wid-sec-w-2022-2133
Vulnerability from csaf_certbund
Published
2022-11-20 23:00
Modified
2022-12-19 23:00
Summary
JFrog Artifactory: Mehrere Schwachstellen in Drittanbieter-Komponenten
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff
JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar.
Betroffene Betriebssysteme
- UNIX
- Linux
{ "document": { "aggregate_severity": { "text": "niedrig" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2133 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2133.json" }, { "category": "self", "summary": "WID-SEC-2022-2133 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2133" }, { "category": "external", "summary": "HCL Article KB0102172 vom 2022-12-19", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102172" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities - \u00c4nderungen vom 2022-11-24", "url": "https://www.jfrog.com/confluence/pages/diffpagesbyversion.action?pageId=102634317\u0026selectedPageVersions=159\u0026selectedPageVersions=156" }, { "category": "external", "summary": "JFrog Fixed Security Vulnerabilities vom 2022-11-20", "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities" } ], "source_lang": "en-US", "title": "JFrog Artifactory: Mehrere Schwachstellen in Drittanbieter-Komponenten", "tracking": { "current_release_date": "2022-12-19T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:03:58.444+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-2133", "initial_release_date": "2022-11-20T23:00:00.000+00:00", "revision_history": [ { "date": "2022-11-20T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-11-30T23:00:00.000+00:00", "number": "2", "summary": "Neue Informationen von JFrog aufgenommen" }, { "date": "2022-12-19T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von HCL aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "HCL Domino", "product": { "name": "HCL Domino", "product_id": "777623", "product_identification_helper": { "cpe": "cpe:/a:hcltech:domino:-" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "category": "product_name", "name": "JFrog Artifactory \u003c 7.47.7", "product": { "name": "JFrog Artifactory \u003c 7.47.7", "product_id": "T025370", "product_identification_helper": { "cpe": "cpe:/a:jfrog:artifactory:7.47.7" } } } ], "category": "vendor", "name": "JFrog" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-16869", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2019-16869" }, { "cve": "CVE-2019-20444", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2019-20444" }, { "cve": "CVE-2019-20445", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2019-20445" }, { "cve": "CVE-2020-7608", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2020-7608" }, { "cve": "CVE-2020-7789", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2020-7789" }, { "cve": "CVE-2021-26291", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2021-26291" }, { "cve": "CVE-2021-3807", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2021-3807" }, { "cve": "CVE-2021-44906", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2021-44906" }, { "cve": "CVE-2022-0235", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-0235" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-25857", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-25857" }, { "cve": "CVE-2022-25878", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-25878" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-30187", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-30187" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "JFrog Artifactory nutzt verschiedene Komponenten von Drittanbietern. Diese enthalten mehrere Schwachstellen. Neuen Informationen von JFrog zufolge sind diese Schwachstellen jedoch nicht in Produkten von JFrog ausnutzbar." } ], "product_status": { "known_affected": [ "777623" ] }, "release_date": "2022-11-20T23:00:00Z", "title": "CVE-2022-30635" } ] }
rhsa-2022_5069
Vulnerability from csaf_redhat
Published
2022-08-10 10:32
Modified
2022-08-29 01:42
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.11.0 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.11.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2022:5068
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Security Fix(es):
* go-getter: command injection vulnerability (CVE-2022-26945)
* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)
* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
* sanitize-url: XSS (CVE-2021-23648)
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64
The image digest is sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4
(For aarch64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-aarch64
The image digest is sha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-s390x
The image digest is sha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le
The image digest is sha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.11.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:5068\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n* sanitize-url: XSS (CVE-2021-23648)\n* minimist: prototype pollution (CVE-2021-44906)\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64\n\nThe image digest is sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4\n\n(For aarch64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-aarch64\n\nThe image digest is sha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-s390x\n\nThe image digest is sha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le\n\nThe image digest is sha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5069", "url": "https://access.redhat.com/errata/RHSA-2022:5069" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5069.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update", "tracking": { "current_release_date": "2022-08-29T01:42:00Z", "generator": { "date": "2023-07-01T05:44:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2022:5069", "initial_release_date": "2022-08-10T10:32:00Z", "revision_history": [ { "date": "2022-08-29T01:42:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.11", "product": { "name": "Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.11::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "product": { "name": "openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "product_id": "openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "product": { "name": "openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "product_id": "openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "product": { "name": "openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "product_id": "openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "product": { "name": "openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "product_id": "openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream" } }, { "category": "product_version", "name": "openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "product": { "name": "openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "product_id": "openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "product": { "name": "openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "product_id": "openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "product": { "name": "openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "product_id": "openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "product": { "name": "openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "product_id": "openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "product": { "name": "openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "product_id": "openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "product": { "name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "product_id": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "product": { "name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "product_id": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "product": { "name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "product_id": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "product": { "name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "product_id": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "product": { "name": "openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "product_id": "openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "product": { "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "product_id": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "product": { "name": "openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "product_id": "openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "product": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "product": { "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "product_id": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "product": { "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "product_id": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "product": { "name": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "product_id": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "product": { "name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "product_id": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "product": { "name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "product_id": "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "product": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "product_id": "openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "product": { "name": "openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "product_id": "openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "product": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "product_id": "openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "product": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product_id": "openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product": { "name": "openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product_id": "openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "product": { "name": "openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "product_id": "openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "product": { "name": "openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "product_id": "openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "product": { "name": "openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "product_id": "openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "product": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "product": { "name": "openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "product_id": "openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "product": { "name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "product_id": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "product": { "name": "openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "product_id": "openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "product": { "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "product_id": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "product": { "name": "openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "product_id": "openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "product": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "product": { "name": "openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "product_id": "openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "product": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "product": { "name": "openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "product_id": "openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "product": { "name": "openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "product_id": "openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "product_id": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "product": { "name": "openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "product_id": "openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "product": { "name": "openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "product_id": "openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "product": { "name": "openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "product_id": "openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "product": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "product_id": "openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "product": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "product": { "name": "openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "product_id": "openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "product": { "name": "openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "product_id": "openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "product": { "name": "openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "product_id": "openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "product": { "name": "openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "product_id": "openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "product": { "name": "openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "product_id": "openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "product": { "name": "openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "product_id": "openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "product": { "name": "openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "product_id": "openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "product": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "product": { "name": "openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "product_id": "openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "product_id": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "product_id": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "product_id": "openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "product": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "product_id": "openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "product": { "name": "openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "product_id": "openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "product": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "product_id": "openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "product": { "name": "openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "product_id": "openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "product": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "product_id": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "product": { "name": "openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "product_id": "openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product": { "name": "openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product_id": "openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "product": { "name": "openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "product_id": "openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "product": { "name": "openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "product_id": "openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "product": { "name": "openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "product_id": "openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "product": { "name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "product_id": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "product": { "name": "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "product_id": "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "product": { "name": "openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "product_id": "openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "product": { "name": "openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "product_id": "openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "product": { "name": "openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "product_id": "openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "product": { "name": "openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "product_id": "openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "product": { "name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "product_id": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "product": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "product_id": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "product": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "product_id": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "product": { "name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "product_id": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "product": { "name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "product_id": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "product": { "name": "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "product_id": "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "product": { "name": "openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "product_id": "openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "product": { "name": "openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "product_id": "openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "product": { "name": "openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "product_id": "openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "product": { "name": "openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "product_id": "openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "product": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "product": { "name": "openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "product_id": "openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "product": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "product": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "product_id": "openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "product": { "name": "openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "product_id": "openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "product": { "name": "openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "product_id": "openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "product": { "name": "openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "product_id": "openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "product": { "name": "openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "product_id": "openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "product": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "product": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "product_id": "openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "product": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "product_id": "openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "product": { "name": "openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "product_id": "openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "product": { "name": "openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "product_id": "openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "product": { "name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "product_id": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "product": { "name": "openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "product_id": "openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "product": { "name": "openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "product_id": "openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "product": { "name": "openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "product_id": "openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "product": { "name": "openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "product_id": "openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "product": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "product": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "product": { "name": "openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "product_id": "openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "product": { "name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "product_id": "openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "product": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "product": { "name": "openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "product_id": "openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "product": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "product": { "name": "openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "product_id": "openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "product": { "name": "openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "product_id": "openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "product": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "product": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "product": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "product": { "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "product_id": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "product": { "name": "openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "product_id": "openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "product": { "name": "openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "product_id": "openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "product": { "name": "openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "product_id": "openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "product": { "name": "openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "product_id": "openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "product": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "product": { "name": "openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "product_id": "openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "product": { "name": "openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "product_id": "openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "product": { "name": "openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "product_id": "openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "product": { "name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "product_id": "openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "product": { "name": "openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "product_id": "openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "product": { "name": "openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "product_id": "openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product": { "name": "openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product_id": "openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "product": { "name": "openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "product_id": "openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product": { "name": "openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product_id": "openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product": { "name": "openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "product_id": "openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "product": { "name": "openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "product_id": "openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "product": { "name": "openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "product_id": "openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "product": { "name": "openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "product_id": "openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "product": { "name": "openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "product_id": "openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "product": { "name": "openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "product_id": "openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "product": { "name": "openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "product_id": "openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product": { "name": "openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "product_id": "openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "product": { "name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "product_id": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "product": { "name": "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "product_id": "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "product": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream" }, "product_reference": "openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream" }, "product_reference": "openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream" }, "product_reference": "openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream" }, "product_reference": "openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream" }, "product_reference": "openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream" }, "product_reference": "openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream" }, "product_reference": "openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream" }, "product_reference": "openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream" }, "product_reference": "openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream" }, "product_reference": "openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream" }, "product_reference": "openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream" }, "product_reference": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream" }, "product_reference": "openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream" }, "product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream" }, "product_reference": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream" }, "product_reference": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream" }, "product_reference": "openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream" }, "product_reference": "openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream" }, "product_reference": "openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream" }, "product_reference": "openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream" }, "product_reference": "openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream" }, "product_reference": "openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" }, "product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream" }, "product_reference": "openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream" }, "product_reference": "openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream" }, "product_reference": "openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream" }, "product_reference": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream" }, "product_reference": "openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream" }, "product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream" }, "product_reference": "openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream" }, "product_reference": "openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream" }, "product_reference": "openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream" }, "product_reference": "openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream" }, "product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream" }, "product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream" }, "product_reference": "openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream" }, "product_reference": "openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream" }, "product_reference": "openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream" }, "product_reference": "openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream" }, "product_reference": "openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream" }, "product_reference": "openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream" }, "product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream" }, "product_reference": "openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream" }, "product_reference": "openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream" }, "product_reference": "openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream" }, "product_reference": "openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream" }, "product_reference": "openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream" }, "product_reference": "openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream" }, "product_reference": "openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream" }, "product_reference": "openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream" }, "product_reference": "openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream" }, "product_reference": "openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream" }, "product_reference": "openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream" }, "product_reference": "openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream" }, "product_reference": "openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream" }, "product_reference": "openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream" }, "product_reference": "openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream" }, "product_reference": "openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream" }, "product_reference": "openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream" }, "product_reference": "openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream" }, "product_reference": "openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream" }, "product_reference": "openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream" }, "product_reference": "openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream" }, "product_reference": "openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream" }, "product_reference": "openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream" }, "product_reference": "openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream" }, "product_reference": "openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream" }, "product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream" }, "product_reference": "openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream" }, "product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream" }, "product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream" }, "product_reference": "openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream" }, "product_reference": "openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream" }, "product_reference": "openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream" }, "product_reference": "openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream" }, "product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream" }, "product_reference": "openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream" }, "product_reference": "openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream" }, "product_reference": "openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream" }, "product_reference": "openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream" }, "product_reference": "openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream" }, "product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream" }, "product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream" }, "product_reference": "openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream" }, "product_reference": "openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream" }, "product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream" }, "product_reference": "openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream" }, "product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream" }, "product_reference": "openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream" }, "product_reference": "openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream" }, "product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream" }, "product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream" }, "product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream" }, "product_reference": "openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream" }, "product_reference": "openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream" }, "product_reference": "openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream" }, "product_reference": "openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream" }, "product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream" }, "product_reference": "openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream" }, "product_reference": "openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream" }, "product_reference": "openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream" }, "product_reference": "openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream" }, "product_reference": "openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream" }, "product_reference": "openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream" }, "product_reference": "openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream" }, "product_reference": "openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream" }, "product_reference": "openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream" }, "product_reference": "openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" }, "product_reference": "openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream" }, "product_reference": "openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.11", "product_id": "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-23566", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2022-02-04T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in the nanoid library where the valueOf() function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "nanoid: Information disclosure via valueOf() function", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23566", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23566" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2", "url": "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2" }, { "category": "external", "summary": "CVE-2021-23566", "url": "https://access.redhat.com/security/cve/CVE-2021-23566" }, { "category": "external", "summary": "bz#2050853: CVE-2021-23566 nanoid: Information disclosure via valueOf() function", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050853" } ], "release_date": "2022-01-21T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-02-04T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-23566 nanoid: Information disclosure via valueOf() function" }, { "cve": "CVE-2021-23648", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-03-17T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23648", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648" }, { "category": "external", "summary": "https://github.com/braintree/sanitize-url/pull/40", "url": "https://github.com/braintree/sanitize-url/pull/40" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882", "url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882" }, { "category": "external", "summary": "CVE-2021-23648", "url": "https://access.redhat.com/security/cve/CVE-2021-23648" }, { "category": "external", "summary": "bz#2065290: CVE-2021-23648 sanitize-url: XSS due to improper sanitization in sanitizeUrl function", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290" } ], "release_date": "2022-02-22T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-03-17T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-23648 sanitize-url: XSS due to improper sanitization in sanitizeUrl function" }, { "cve": "CVE-2021-41190", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2021-11-18T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In the OCI Image Specification version 1.0.1 there is specified a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.", "title": "Vulnerability description" }, { "category": "summary", "text": "opencontainers: OCI manifest and index parsing confusion", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41190", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190" }, { "category": "external", "summary": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42", "url": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42" }, { "category": "external", "summary": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m", "url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m" }, { "category": "external", "summary": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh", "url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh" }, { "category": "external", "summary": "CVE-2021-41190", "url": "https://access.redhat.com/security/cve/CVE-2021-41190" }, { "category": "external", "summary": "bz#2024938: CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938" } ], "release_date": "2021-11-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-11-18T00:00:00Z", "details": "Low" } ], "title": "CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion" }, { "cve": "CVE-2021-43565", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-07T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/crypto: empty plaintext packet causes panic", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565" }, { "category": "external", "summary": "CVE-2021-43565", "url": "https://access.redhat.com/security/cve/CVE-2021-43565" }, { "category": "external", "summary": "bz#2030787: CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787" } ], "release_date": "2021-12-02T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-12-07T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "prototype pollution", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" }, { "category": "external", "summary": "CVE-2021-44906", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "bz#2066009: prototype pollution", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" } ], "release_date": "2022-03-10T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-03-19T00:00:00Z", "details": "Moderate" } ], "title": "prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" }, { "category": "external", "summary": "CVE-2022-0235", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "bz#2044591: exposure of sensitive information to an unauthorized actor", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" } ], "release_date": "2022-01-14T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-01-16T00:00:00Z", "details": "Moderate" } ], "title": "exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-21698", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2022-01-19T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "Denial of service using InstrumentHandlerCounter", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "category": "external", "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" }, { "category": "external", "summary": "CVE-2022-21698", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "bz#2045880: Denial of service using InstrumentHandlerCounter", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" } ], "release_date": "2022-02-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-01-19T00:00:00Z", "details": "Moderate" } ], "title": "Denial of service using InstrumentHandlerCounter" }, { "cve": "CVE-2022-26945", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-05-25T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2092928" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in go-getter. This flaw allows an attacker to misuse go-getter to execute commands on the host. This action may be possible when symlink processing and path traversal are allowed.", "title": "Vulnerability description" }, { "category": "summary", "text": "command injection vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26945", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26945" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930", "url": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930" }, { "category": "external", "summary": "CVE-2022-26945", "url": "https://access.redhat.com/security/cve/CVE-2022-26945" }, { "category": "external", "summary": "bz#2092928: command injection vulnerability", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092928" } ], "release_date": "2022-05-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-05-25T00:00:00Z", "details": "Important" } ], "title": "command injection vulnerability" }, { "cve": "CVE-2022-27191", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2022-03-16T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "crash in a golang.org/x/crypto/ssh server", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" }, { "category": "external", "summary": "CVE-2022-27191", "url": "https://access.redhat.com/security/cve/CVE-2022-27191" }, { "category": "external", "summary": "bz#2064702: crash in a golang.org/x/crypto/ssh server", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" } ], "release_date": "2022-03-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-03-16T00:00:00Z", "details": "Moderate" } ], "title": "crash in a golang.org/x/crypto/ssh server" }, { "cve": "CVE-2022-29810", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2022-04-29T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29810", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29810" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29810" }, { "category": "external", "summary": "https://github.com/golang/vulndb/issues/438", "url": "https://github.com/golang/vulndb/issues/438" }, { "category": "external", "summary": "CVE-2022-29810", "url": "https://access.redhat.com/security/cve/CVE-2022-29810" }, { "category": "external", "summary": "bz#2080279: CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080279" } ], "release_date": "2022-04-27T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-04-29T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses" }, { "cve": "CVE-2022-30321", "cwe": { "id": "CWE-229", "name": "Improper Handling of Values" }, "discovery_date": "2022-05-25T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2092918" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in go-getter. Several vulnerabilities were identified in the way go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "unsafe download (issue 1 of 3)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30321", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30321" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30321", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30321" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930", "url": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930" }, { "category": "external", "summary": "CVE-2022-30321", "url": "https://access.redhat.com/security/cve/CVE-2022-30321" }, { "category": "external", "summary": "bz#2092918: unsafe download (issue 1 of 3)", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092918" } ], "release_date": "2022-05-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-05-25T00:00:00Z", "details": "Important" } ], "title": "unsafe download (issue 1 of 3)" }, { "cve": "CVE-2022-30322", "cwe": { "id": "CWE-229", "name": "Improper Handling of Values" }, "discovery_date": "2022-05-25T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2092923" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in go-getter. Several vulnerabilities were identified in the way go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "unsafe download (issue 2 of 3)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30322", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30322" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30322", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30322" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930", "url": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930" }, { "category": "external", "summary": "CVE-2022-30322", "url": "https://access.redhat.com/security/cve/CVE-2022-30322" }, { "category": "external", "summary": "bz#2092923: unsafe download (issue 2 of 3)", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092923" } ], "release_date": "2022-05-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-05-25T00:00:00Z", "details": "Important" } ], "title": "unsafe download (issue 2 of 3)" }, { "cve": "CVE-2022-30323", "cwe": { "id": "CWE-229", "name": "Improper Handling of Values" }, "discovery_date": "2022-05-25T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=2092925" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in go-getter. Several vulnerabilities were identified in how go-getter processes HTTP responses, response headers, and password-protected ZIP files. This flaw allows an attacker to bypass certain configuration settings and may lead to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "unsafe download (issue 3 of 3)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.11:openshift4/cloud-network-config-controller-rhel8:v4.11.0-202208020706.p0.g7a3c3c9.assembly.stream", "8Base-RHOSE-4.11:openshift4/driver-toolkit-rhel8:v4.11.0-202208020947.p0.g4e799c0.assembly.stream", "8Base-RHOSE-4.11:openshift4/egress-router-cni-rhel8:v4.11.0-202208020235.p0.gfccaf1d.assembly.stream", "8Base-RHOSE-4.11:openshift4/network-tools-rhel8:v4.11.0-202208020947.p0.g1845124.assembly.stream", "8Base-RHOSE-4.11:openshift4/oc-mirror-plugin-rhel8:v4.11.0-202208020235.p0.g3c1c80c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-api-server-rhel8:v4.11.0-202208020706.p0.g0f52647.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-csr-approver-rhel8:v4.11.0-202208020706.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-node-agent-rhel8:v4.11.0-202208020235.p0.gb17b06b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-agent-installer-orchestrator-rhel8:v4.11.0-202208020235.p0.g9a6e300.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g79dddb1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.11.0-202208020235.p0.g8dd7ae6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-apiserver-network-proxy-rhel8:v4.11.0-202208020235.p0.g1966e0d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gea1a9b2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gb3fe15b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.11.0-202208020235.p0.g7564046.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cloud-node-manager-rhel8:v4.11.0-202208020706.p0.gb56f632.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.ga851a35.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-installer-rhel8:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-runtimecfg-rhel8:v4.11.0-202208020235.p0.g70d770d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli-artifacts:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cli:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-api-rhel8:v4.11.0-202208020235.p0.gf9c215c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-authentication-operator:v4.11.0-202208020235.p0.ge2bcbaa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-autoscaler:v4.11.0-202208020235.p0.g80a9b6d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-bootstrap:v4.11.0-202208020235.p0.gf22d1c6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-config-operator:v4.11.0-202208020235.p0.g0e01b06.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-dns-operator:v4.11.0-202208020235.p0.g8998093.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-ingress-operator:v4.11.0-202208020235.p0.g2432dad.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-apiserver-operator:v4.11.0-202208020235.p0.gc7c94db.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-cluster-api-rhel8-operator:v4.11.0-202208020235.p0.g55efc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.11.0-202208020235.p0.g12d050a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-machine-approver:v4.11.0-202208020235.p0.g3ee1fe4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-apiserver-operator:v4.11.0-202208020235.p0.g5ddbeef.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-update-keys:v4.11.0-202207070244.p0.g289032f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-version-operator:v4.11.0-202208020235.p0.g96cc88c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console-operator:v4.11.0-202208020235.p0.g501e91f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-container-networking-plugins-rhel8:v4.11.0-202208020235.p0.g0ad9da6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-coredns:v4.11.0-202208020235.p0.g7fe212f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-manila-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-driver-shared-resource-webhook-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher-rhel8:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-attacher:v4.11.0-202208020235.p0.gda5442f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-external-snapshotter:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe-rhel8:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-livenessprobe:v4.11.0-202208020235.p0.g7319607.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar-rhel8:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-node-driver-registrar:v4.11.0-202208020235.p0.g710109c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-deployer:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-etcd:v4.11.0-202208020235.p0.g80cc14e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g9a303b1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gff20dda.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.11.0-202208020235.p0.gf9d7fdc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-grafana:v4.11.0-202208020235.p0.g6773185.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hyperkube:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-hypershift-rhel8:v4.11.0-202208020235.p0.g65f10a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.gce83696.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.11.0-202208020235.p0.gc85624d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibm-vpc-node-label-updater-rhel8:v4.11.0-202208020235.p0.g32e18fa.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-image-customization-controller-rhel8:v4.11.0-202208020235.p0.g42b4b1f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-insights-rhel8-operator:v4.11.0-202208020235.p0.g0929403.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer-artifacts:v4.11.0-202208020706.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-installer:v4.11.0-202208020235.p0.g3768430.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-agent-rhel8:v4.11.0-202207132222.p0.gd84c963.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.11.0-202208020235.p0.g81fe297.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-rhel8:v4.11.0-202207132222.p0.gb1863f8.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ironic-static-ip-manager-rhel8:v4.11.0-202207070244.p0.g84a378e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-k8s-prometheus-adapter:v4.11.0-202208020235.p0.g32fb8ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-keepalived-ipfailover:v4.11.0-202207070244.p0.gf1330f6.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-proxy:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-rbac-proxy:v4.11.0-202208020235.p0.ga805ba5.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kube-storage-version-migrator-rhel8:v4.11.0-202208020235.p0.g596745c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-cni-rhel8:v4.11.0-202208020235.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-kuryr-controller-rhel8:v4.11.0-202208011446.p0.g66c0cec.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-libvirt-machine-controllers:v4.11.0-202208020235.p0.gb6e14ea.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-aws-rhel8:v4.11.0-202208020235.p0.gd701bcb.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-azure-rhel8:v4.11.0-202208020706.p0.g93b3f9e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-gcp-rhel8:v4.11.0-202208020235.p0.g17a3a9f.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-api-provider-openstack-rhel8:v4.11.0-202208020235.p0.geb7e497.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-machine-os-images-rhel8:v4.11.0-202208020235.p0.g1150735.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-admission-controller:v4.11.0-202208020235.p0.gf38aae4.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-cni:v4.11.0-202208020235.p0.g3cc5a3a.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-networkpolicy-rhel8:v4.11.0-202208020706.p0.g643fdaf.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-route-override-cni-rhel8:v4.11.0-202208020235.p0.g523b790.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.11.0-202208020235.p0.g9951259.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-must-gather:v4.11.0-202208020706.p0.g32bca40.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-interface-bond-cni-rhel8:v4.11.0-202208020235.p0.gd69bd07.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-nutanix-machine-controllers-rhel8:v4.11.0-202208020235.p0.ga94eb77.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-apiserver-rhel8:v4.11.0-202208020235.p0.gf60f1c1.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-proxy:v4.11.0-202208020235.p0.gaad1b28.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-oauth-server-rhel8:v4.11.0-202208020235.p0.g8d80088.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-apiserver-rhel8:v4.11.0-202208020235.p0.g4b6f874.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g246ae15.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-operator-registry:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovirt-machine-controllers-rhel8:v4.11.0-202208020235.p0.g5a93d94.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-ovn-kubernetes:v4.11.0-202208020706.p0.g2e00ec0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-pod:v4.11.0-202208020235.p0.g9546431.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g8ace6e9.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-powervs-machine-controllers-rhel8:v4.11.0-202208020235.p0.g76649b3.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prom-label-proxy:v4.11.0-202208020235.p0.gaf12fbc.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-config-reloader:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-node-exporter:v4.11.0-202208020235.p0.g0102201.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator-admission-webhook-rhel8:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-service-ca-operator:v4.11.0-202208020235.p0.g0899d11.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-tools-rhel8:v4.11.0-202208020706.p0.g7075089.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.11.0-202208020235.p0.gf67d1d0.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.11.0-202208020235.p0.gd4721ba.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream", "8Base-RHOSE-4.11:openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30323", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30323" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30323", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30323" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930", "url": "https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930" }, { "category": "external", "summary": "CVE-2022-30323", "url": "https://access.redhat.com/security/cve/CVE-2022-30323" }, { "category": "external", "summary": "bz#2092925: unsafe download (issue 3 of 3)", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092925" } ], "release_date": "2022-05-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2022:5069" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.11:openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream", "8Base-RHOSE-4.11:openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2022-05-25T00:00:00Z", "details": "Important" } ], "title": "unsafe download (issue 3 of 3)" } ] }
rhsa-2023_1049
Vulnerability from csaf_redhat
Published
2023-03-01 21:58
Modified
2024-09-19 07:52
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update
Notes
Topic
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1049", "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2097007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1049.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update", "tracking": { "current_release_date": "2024-09-19T07:52:29+00:00", "generator": { "date": "2024-09-19T07:52:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1049", "initial_release_date": "2023-03-01T21:58:17+00:00", "revision_history": [ { "date": "2023-03-01T21:58:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:58:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:52:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2237", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2097007" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.", "title": "Vulnerability description" }, { "category": "summary", "text": "Adapter: Open redirect vulnerability in checkSSO", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2237" }, { "category": "external", "summary": "RHBZ#2097007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2237", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2237" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237" } ], "release_date": "2023-03-01T13:57:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Adapter: Open redirect vulnerability in checkSSO" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "cve": "CVE-2022-3782", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2138971" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path traversal via double URL encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3782" }, { "category": "external", "summary": "RHBZ#2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782" } ], "release_date": "2022-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path traversal via double URL encoding" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1049" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2023_0321
Vulnerability from csaf_redhat
Published
2023-01-23 15:20
Modified
2024-09-16 10:32
Summary
Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Notes
Topic
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).
Security Fix(es):
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* nodejs: Packaged version of undici does not fit with declared version. [rhel-9] (BZ#2151627)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).\n\nSecurity Fix(es):\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* nodejs: Packaged version of undici does not fit with declared version. [rhel-9] (BZ#2151627)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0321", "url": "https://access.redhat.com/errata/RHSA-2023:0321" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142808" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_0321.json" } ], "title": "Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-16T10:32:46+00:00", "generator": { "date": "2024-09-16T10:32:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:0321", "initial_release_date": "2023-01-23T15:20:34+00:00", "revision_history": [ { "date": "2023-01-23T15:20:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-23T15:20:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T10:32:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-2.el9_1.src", "product": { "name": "nodejs-nodemon-0:2.0.20-2.el9_1.src", "product_id": "nodejs-nodemon-0:2.0.20-2.el9_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.el9_1?arch=src" } } }, { "category": "product_version", "name": "nodejs-1:16.18.1-3.el9_1.src", "product": { "name": "nodejs-1:16.18.1-3.el9_1.src", "product_id": "nodejs-1:16.18.1-3.el9_1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "product_id": "nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.el9_1?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-docs-1:16.18.1-3.el9_1.noarch", "product": { "name": "nodejs-docs-1:16.18.1-3.el9_1.noarch", "product_id": "nodejs-docs-1:16.18.1-3.el9_1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@16.18.1-3.el9_1?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.el9_1.aarch64", "product": { "name": "nodejs-1:16.18.1-3.el9_1.aarch64", "product_id": "nodejs-1:16.18.1-3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "product_id": "nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.el9_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-1:16.18.1-3.el9_1.aarch64", "product": { "name": "nodejs-libs-1:16.18.1-3.el9_1.aarch64", "product_id": "nodejs-libs-1:16.18.1-3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "product_id": "npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.el9_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "product": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "product_id": "nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.el9_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "product_id": "nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.el9_1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "product": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "product_id": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.18.1-3.el9_1?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.el9_1.ppc64le", "product": { "name": "nodejs-1:16.18.1-3.el9_1.ppc64le", "product_id": "nodejs-1:16.18.1-3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "product_id": "nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.el9_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "product": { "name": "nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "product_id": "nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "product_id": "npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.el9_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "product": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "product_id": "nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.el9_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "product_id": "nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.el9_1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "product": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "product_id": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.18.1-3.el9_1?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.el9_1.x86_64", "product": { "name": "nodejs-1:16.18.1-3.el9_1.x86_64", "product_id": "nodejs-1:16.18.1-3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "product_id": "nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.el9_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-1:16.18.1-3.el9_1.x86_64", "product": { "name": "nodejs-libs-1:16.18.1-3.el9_1.x86_64", "product_id": "nodejs-libs-1:16.18.1-3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64", "product_id": "npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.el9_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "product": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "product_id": "nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.el9_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "product_id": "nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.el9_1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "product": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "product_id": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.18.1-3.el9_1?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "nodejs-libs-1:16.18.1-3.el9_1.i686", "product": { "name": "nodejs-libs-1:16.18.1-3.el9_1.i686", "product_id": "nodejs-libs-1:16.18.1-3.el9_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.el9_1.i686", "product": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.i686", "product_id": "nodejs-debugsource-1:16.18.1-3.el9_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.el9_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "product_id": "nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.el9_1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "product": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "product_id": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.18.1-3.el9_1?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.el9_1.s390x", "product": { "name": "nodejs-1:16.18.1-3.el9_1.s390x", "product_id": "nodejs-1:16.18.1-3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.el9_1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "product_id": "nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.el9_1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-1:16.18.1-3.el9_1.s390x", "product": { "name": "nodejs-libs-1:16.18.1-3.el9_1.s390x", "product_id": "nodejs-libs-1:16.18.1-3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@16.18.1-3.el9_1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "product_id": "npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.el9_1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "product": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "product_id": "nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.el9_1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "product_id": "nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.el9_1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "product": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "product_id": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.18.1-3.el9_1?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64" }, "product_reference": "nodejs-1:16.18.1-3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le" }, "product_reference": "nodejs-1:16.18.1-3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x" }, "product_reference": "nodejs-1:16.18.1-3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src" }, "product_reference": "nodejs-1:16.18.1-3.el9_1.src", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64" }, "product_reference": "nodejs-1:16.18.1-3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.el9_1.i686", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:16.18.1-3.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch" }, "product_reference": "nodejs-docs-1:16.18.1-3.el9_1.noarch", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-1:16.18.1-3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64" }, "product_reference": "nodejs-libs-1:16.18.1-3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-1:16.18.1-3.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686" }, "product_reference": "nodejs-libs-1:16.18.1-3.el9_1.i686", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-1:16.18.1-3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le" }, "product_reference": "nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-1:16.18.1-3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x" }, "product_reference": "nodejs-libs-1:16.18.1-3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-1:16.18.1-3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64" }, "product_reference": "nodejs-libs-1:16.18.1-3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64" }, "product_reference": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686" }, "product_reference": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le" }, "product_reference": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x" }, "product_reference": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64" }, "product_reference": "nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-2.el9_1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-2.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-2.el9_1.src", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64", "relates_to_product_reference": "AppStream-9.1.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "acknowledgments": [ { "names": [ "VVX7" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-35256", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-09-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130518" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ], "known_not_affected": [ "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35256" }, { "category": "external", "summary": "RHBZ#2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256", "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ], "known_not_affected": [ "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-nodemon-0:2.0.20-2.el9_1.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0321" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.src", "AppStream-9.1.0.Z.MAIN:nodejs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-debugsource-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-docs-1:16.18.1-3.el9_1.noarch", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-full-i18n-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.i686", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:nodejs-libs-debuginfo-1:16.18.1-3.el9_1.x86_64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.aarch64", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.ppc64le", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.s390x", "AppStream-9.1.0.Z.MAIN:npm-1:8.19.2-1.16.18.1.3.el9_1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" } ] }
rhsa-2022_5928
Vulnerability from csaf_redhat
Published
2022-08-08 19:43
Modified
2024-09-16 07:50
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\n* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5928", "url": "https://access.redhat.com/errata/RHSA-2022:5928" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "JBEAP-17119", "url": "https://issues.redhat.com/browse/JBEAP-17119" }, { "category": "external", "summary": "JBEAP-23344", "url": "https://issues.redhat.com/browse/JBEAP-23344" }, { "category": "external", "summary": "JBEAP-23444", "url": "https://issues.redhat.com/browse/JBEAP-23444" }, { "category": "external", "summary": "JBEAP-23492", "url": "https://issues.redhat.com/browse/JBEAP-23492" }, { "category": "external", "summary": "JBEAP-23526", "url": "https://issues.redhat.com/browse/JBEAP-23526" }, { "category": "external", "summary": "JBEAP-23528", "url": "https://issues.redhat.com/browse/JBEAP-23528" }, { "category": "external", "summary": "JBEAP-23546", "url": "https://issues.redhat.com/browse/JBEAP-23546" }, { "category": "external", "summary": "JBEAP-23550", "url": "https://issues.redhat.com/browse/JBEAP-23550" }, { "category": "external", "summary": "JBEAP-23551", "url": "https://issues.redhat.com/browse/JBEAP-23551" }, { "category": "external", "summary": "JBEAP-23554", "url": "https://issues.redhat.com/browse/JBEAP-23554" }, { "category": "external", "summary": "JBEAP-23556", "url": "https://issues.redhat.com/browse/JBEAP-23556" }, { "category": "external", "summary": "JBEAP-23557", "url": "https://issues.redhat.com/browse/JBEAP-23557" }, { "category": "external", "summary": "JBEAP-23559", "url": "https://issues.redhat.com/browse/JBEAP-23559" }, { "category": "external", "summary": "JBEAP-23561", "url": "https://issues.redhat.com/browse/JBEAP-23561" }, { "category": "external", "summary": "JBEAP-23566", "url": "https://issues.redhat.com/browse/JBEAP-23566" }, { "category": "external", "summary": "JBEAP-23571", "url": "https://issues.redhat.com/browse/JBEAP-23571" }, { "category": "external", "summary": "JBEAP-23626", "url": "https://issues.redhat.com/browse/JBEAP-23626" }, { "category": "external", "summary": "JBEAP-23659", "url": "https://issues.redhat.com/browse/JBEAP-23659" }, { "category": "external", "summary": "JBEAP-23671", "url": "https://issues.redhat.com/browse/JBEAP-23671" }, { "category": "external", "summary": "JBEAP-23686", "url": "https://issues.redhat.com/browse/JBEAP-23686" }, { "category": "external", "summary": "JBEAP-23726", "url": "https://issues.redhat.com/browse/JBEAP-23726" }, { "category": "external", "summary": "JBEAP-23728", "url": "https://issues.redhat.com/browse/JBEAP-23728" }, { "category": "external", "summary": "JBEAP-23806", "url": "https://issues.redhat.com/browse/JBEAP-23806" }, { "category": "external", "summary": "JBEAP-23807", "url": "https://issues.redhat.com/browse/JBEAP-23807" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5928.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update", "tracking": { "current_release_date": "2024-09-16T07:50:08+00:00", "generator": { "date": "2024-09-16T07:50:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:5928", "initial_release_date": "2022-08-08T19:43:57+00:00", "revision_history": [ { "date": "2022-08-08T19:43:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-08-08T19:43:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T07:50:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "product_id": "Red Hat JBoss Enterprise Application Platform 7.1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5928" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5928" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" } ] }
rhsa-2023_1045
Vulnerability from csaf_redhat
Published
2023-03-01 21:45
Modified
2024-09-19 07:51
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9
Notes
Topic
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1045", "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1045.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 9", "tracking": { "current_release_date": "2024-09-19T07:51:58+00:00", "generator": { "date": "2024-09-19T07:51:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1045", "initial_release_date": "2023-03-01T21:45:17+00:00", "revision_history": [ { "date": "2023-03-01T21:45:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:45:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:51:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.6-1.redhat_00001.1.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1045" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el9sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2022_9073
Vulnerability from csaf_redhat
Published
2022-12-15 16:20
Modified
2024-09-16 10:32
Summary
Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages were updated to later upstream versions: nodejs (16.18.1), nodejs-nodemon (2.0.20).
Security Fix(es):
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* nodejs:16/nodejs: Packaged version of undici does not fit with declared version. [rhel-8] (BZ#2151625)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages were updated to later upstream versions: nodejs (16.18.1), nodejs-nodemon (2.0.20).\n\nSecurity Fix(es):\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* nodejs:16/nodejs: Packaged version of undici does not fit with declared version. [rhel-8] (BZ#2151625)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:9073", "url": "https://access.redhat.com/errata/RHSA-2022:9073" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142806" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_9073.json" } ], "title": "Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-16T10:32:28+00:00", "generator": { "date": "2024-09-16T10:32:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:9073", "initial_release_date": "2022-12-15T16:20:58+00:00", "revision_history": [ { "date": "2022-12-15T16:20:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-12-15T16:20:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T10:32:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:16:8070020221207164159:bd1311ed", "product": { "name": "nodejs:16:8070020221207164159:bd1311ed", "product_id": "nodejs:16:8070020221207164159:bd1311ed", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@16:8070020221207164159:bd1311ed" } } }, { "category": "product_version", "name": "nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "product": { "name": "nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "product_id": "nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "product_id": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel8.7.0%2B17412%2Bbb0e4a6b?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "product": { "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "product_id": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@25-1.module%2Bel8.5.0%2B10992%2Bfac5fe06?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_id": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_id": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_id": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_id": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_id": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "product_id": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "product": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "product_id": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "product": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "product_id": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel8.7.0%2B17412%2Bbb0e4a6b?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "product": { "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "product_id": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@25-1.module%2Bel8.5.0%2B10992%2Bfac5fe06?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_id": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_id": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_id": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_id": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_id": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_id": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_id": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_id": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_id": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_id": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_id": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "product_id": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_id": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_id": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_id": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_id": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_id": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.18.1-3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64", "product": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64", "product_id": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@8.19.2-1.16.18.1.3.module%2Bel8.7.0%2B17465%2B1a1abd74?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, "product_reference": "nodejs:16:8070020221207164159:bd1311ed", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64" }, "product_reference": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le" }, "product_reference": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x" }, "product_reference": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src" }, "product_reference": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64" }, "product_reference": "nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64" }, "product_reference": "nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64" }, "product_reference": "nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64" }, "product_reference": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le" }, "product_reference": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x" }, "product_reference": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64" }, "product_reference": "nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch" }, "product_reference": "nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64" }, "product_reference": "nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch" }, "product_reference": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src" }, "product_reference": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64 as a component of nodejs:16:8070020221207164159:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" }, "product_reference": "npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9073" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debuginfo-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-debugsource-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-devel-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-docs-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-full-i18n-1:16.18.1-3.module+el8.7.0+17465+1a1abd74.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17412+bb0e4a6b.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:16:8070020221207164159:bd1311ed:npm-1:8.19.2-1.16.18.1.3.module+el8.7.0+17465+1a1abd74.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" } ] }
rhsa-2022_5892
Vulnerability from csaf_redhat
Published
2022-08-03 18:01
Modified
2024-09-16 07:49
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\n* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5892", "url": "https://access.redhat.com/errata/RHSA-2022:5892" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "JBEAP-17119", "url": "https://issues.redhat.com/browse/JBEAP-17119" }, { "category": "external", "summary": "JBEAP-23344", "url": "https://issues.redhat.com/browse/JBEAP-23344" }, { "category": "external", "summary": "JBEAP-23360", "url": "https://issues.redhat.com/browse/JBEAP-23360" }, { "category": "external", "summary": "JBEAP-23444", "url": "https://issues.redhat.com/browse/JBEAP-23444" }, { "category": "external", "summary": "JBEAP-23492", "url": "https://issues.redhat.com/browse/JBEAP-23492" }, { "category": "external", "summary": "JBEAP-23526", "url": "https://issues.redhat.com/browse/JBEAP-23526" }, { "category": "external", "summary": "JBEAP-23528", "url": "https://issues.redhat.com/browse/JBEAP-23528" }, { "category": "external", "summary": "JBEAP-23546", "url": "https://issues.redhat.com/browse/JBEAP-23546" }, { "category": "external", "summary": "JBEAP-23550", "url": "https://issues.redhat.com/browse/JBEAP-23550" }, { "category": "external", "summary": "JBEAP-23551", "url": "https://issues.redhat.com/browse/JBEAP-23551" }, { "category": "external", "summary": "JBEAP-23554", "url": "https://issues.redhat.com/browse/JBEAP-23554" }, { "category": "external", "summary": "JBEAP-23556", "url": "https://issues.redhat.com/browse/JBEAP-23556" }, { "category": "external", "summary": "JBEAP-23557", "url": "https://issues.redhat.com/browse/JBEAP-23557" }, { "category": "external", "summary": "JBEAP-23559", "url": "https://issues.redhat.com/browse/JBEAP-23559" }, { "category": "external", "summary": "JBEAP-23561", "url": "https://issues.redhat.com/browse/JBEAP-23561" }, { "category": "external", "summary": "JBEAP-23566", "url": "https://issues.redhat.com/browse/JBEAP-23566" }, { "category": "external", "summary": "JBEAP-23571", "url": "https://issues.redhat.com/browse/JBEAP-23571" }, { "category": "external", "summary": "JBEAP-23626", "url": "https://issues.redhat.com/browse/JBEAP-23626" }, { "category": "external", "summary": "JBEAP-23659", "url": "https://issues.redhat.com/browse/JBEAP-23659" }, { "category": "external", "summary": "JBEAP-23671", "url": "https://issues.redhat.com/browse/JBEAP-23671" }, { "category": "external", "summary": "JBEAP-23686", "url": "https://issues.redhat.com/browse/JBEAP-23686" }, { "category": "external", "summary": "JBEAP-23726", "url": "https://issues.redhat.com/browse/JBEAP-23726" }, { "category": "external", "summary": "JBEAP-23728", "url": "https://issues.redhat.com/browse/JBEAP-23728" }, { "category": "external", "summary": "JBEAP-23806", "url": "https://issues.redhat.com/browse/JBEAP-23806" }, { "category": "external", "summary": "JBEAP-23807", "url": "https://issues.redhat.com/browse/JBEAP-23807" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5892.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update", "tracking": { "current_release_date": "2024-09-16T07:49:38+00:00", "generator": { "date": "2024-09-16T07:49:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:5892", "initial_release_date": "2022-08-03T18:01:54+00:00", "revision_history": [ { "date": "2022-08-03T18:01:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-08-03T18:01:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T07:49:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.13-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.13-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jandex@2.4.2-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-4.SP05_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-2.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-2.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.13-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.13-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.13-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.13-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.13-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-10.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "product": { "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "product_id": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-10.Final_redhat_00009.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-2.redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.77-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.52-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.25-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.3-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.3-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.12-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.12-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.12-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.12-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-5.SP06_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-26.SP12_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-26.SP12_redhat_00014.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.18-2.SP2_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-18.Final_redhat_00017.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-18.Final_redhat_00017.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-18.Final_redhat_00017.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.6-5.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.6-5.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.6-5.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.6-5.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.6-5.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "product_id": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-21.SP12_redhat_00011.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.13-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jandex@2.4.2-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-4.SP05_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-2.SP2_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.13-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "product_id": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.13-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "product": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "product_id": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-10.Final_redhat_00009.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-2.redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.3-2.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.77-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.77-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.52-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.27-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.25-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.3-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.12-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64@2.2.2-1.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-5.SP06_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-26.SP12_redhat_00014.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.18-2.SP2_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-18.Final_redhat_00017.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.6-5.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.77-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.77-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "product_id": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64@2.2.2-1.Final_redhat_00002.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "product_id": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el7-x86_64-debuginfo@2.2.2-1.Final_redhat_00002.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src" }, "product_reference": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch" }, "product_reference": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5892" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5892" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el7eap.src", "7Server-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-el7-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5892" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" } ] }
rhsa-2022_7044
Vulnerability from csaf_redhat
Published
2022-10-19 10:12
Modified
2024-09-16 07:50
Summary
Red Hat Security Advisory: rh-nodejs14-nodejs security update
Notes
Topic
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7044", "url": "https://access.redhat.com/errata/RHSA-2022:7044" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_7044.json" } ], "title": "Red Hat Security Advisory: rh-nodejs14-nodejs security update", "tracking": { "current_release_date": "2024-09-16T07:50:23+00:00", "generator": { "date": "2024-09-16T07:50:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:7044", "initial_release_date": "2022-10-19T10:12:45+00:00", "revision_history": [ { "date": "2022-10-19T10:12:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-19T10:12:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T07:50:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "product": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "product_id": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.1-2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.1-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.20.1-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "product": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "product_id": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.20.1.2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.20.1-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "product": { "name": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "product_id": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-docs@14.20.1-2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.1-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.20.1-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "product": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "product_id": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.20.1.2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.20.1-2.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.20.1-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.20.1-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "product": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "product_id": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.20.1.2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.20.1-2.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" }, { "acknowledgments": [ { "names": [ "VVX7" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-35256", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-09-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130518" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35256" }, { "category": "external", "summary": "RHBZ#2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256", "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.20.1-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.20.1-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.20.1.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields" } ] }
rhsa-2023_1047
Vulnerability from csaf_redhat
Published
2023-03-01 21:46
Modified
2024-09-19 07:52
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update
Notes
Topic
A new image is available for Red Hat Single Sign-On 7.6.2, running on Red
Hat OpenShift Container Platform from the release of 3.11 up to the release
of 4.12.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On is an integrated sign-on solution, available as a
Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat
Single Sign-On for OpenShift image provides an authentication server that
you can use to log in centrally, log out, and register. You can also manage
user accounts for web applications, mobile applications, and RESTful web
services.
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use
within the Red Hat OpenShift Container Platform (from the release of 3.11
up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)
for on-premise or private cloud deployments, aligning with the standalone
product release.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1047", "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2143416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1047.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", "tracking": { "current_release_date": "2024-09-19T07:52:40+00:00", "generator": { "date": "2024-09-19T07:52:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1047", "initial_release_date": "2023-03-01T21:46:46+00:00", "revision_history": [ { "date": "2023-03-01T21:46:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:46:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:52:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Middleware Containers for OpenShift", "product": { "name": "Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhosemc:1.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "product": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "product_identification_helper": { "purl": "pkg:oci/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64 as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "relates_to_product_reference": "8Base-RHOSE-Middleware" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x as a component of Middleware Containers for OpenShift", "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" }, "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x", "relates_to_product_reference": "8Base-RHOSE-Middleware" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "cve": "CVE-2022-3782", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-10-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2138971" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: path traversal via double URL encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3782" }, { "category": "external", "summary": "RHBZ#2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782" } ], "release_date": "2022-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: path traversal via double URL encoding" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "acknowledgments": [ { "names": [ "Thibault Guittet" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-4039", "cwe": { "id": "CWE-276", "name": "Incorrect Default Permissions" }, "discovery_date": "2022-11-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2143416" } ], "notes": [ { "category": "description", "text": "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "rhsso-container-image: unsecured management interface exposed to adjecent network", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4039" }, { "category": "external", "summary": "RHBZ#2143416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4039", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4039" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4039" } ], "release_date": "2023-02-28T21:26:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rhsso-container-image: unsecured management interface exposed to adjecent network" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1047" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64", "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2023_1533
Vulnerability from csaf_redhat
Published
2023-03-30 13:06
Modified
2024-09-18 14:45
Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1533", "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142823" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "2175828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175828" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1533.json" } ], "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-18T14:45:26+00:00", "generator": { "date": "2024-09-18T14:45:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1533", "initial_release_date": "2023-03-30T13:06:07+00:00", "revision_history": [ { "date": "2023-03-30T13:06:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-30T13:06:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T14:45:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:14:8040020230306170312:522a0ee4", "product": { "name": "nodejs:14:8040020230306170312:522a0ee4", "product_id": "nodejs:14:8040020230306170312:522a0ee4", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@14:8040020230306170312:522a0ee4" } } }, { "category": "product_version", "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "product": { "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "product_id": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, "product_reference": "nodejs:14:8040020230306170312:522a0ee4", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch" }, "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-4904", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168631" } ], "notes": [ { "category": "description", "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4904" }, { "category": "external", "summary": "RHBZ#2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "category": "external", "summary": "https://github.com/c-ares/c-ares/issues/496", "url": "https://github.com/c-ares/c-ares/issues/496" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "acknowledgments": [ { "names": [ "VVX7" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-35256", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-09-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130518" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35256" }, { "category": "external", "summary": "RHBZ#2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256", "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" }, { "cve": "CVE-2023-23918", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171935" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: Permissions policies can be bypassed via process.mainModule", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23918" }, { "category": "external", "summary": "RHBZ#2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Node.js: Permissions policies can be bypassed via process.mainModule" }, { "cve": "CVE-2023-23920", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172217" } ], "notes": [ { "category": "description", "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23920" }, { "category": "external", "summary": "RHBZ#2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable" } ] }
rhsa-2023_1742
Vulnerability from csaf_redhat
Published
2023-04-12 15:04
Modified
2024-09-18 14:48
Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1742", "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142822" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "2175827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175827" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1742.json" } ], "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-18T14:48:01+00:00", "generator": { "date": "2024-09-18T14:48:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1742", "initial_release_date": "2023-04-12T15:04:47+00:00", "revision_history": [ { "date": "2023-04-12T15:04:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-04-12T15:04:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T14:48:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:14:8060020230306170237:ad008a3a", "product": { "name": "nodejs:14:8060020230306170237:ad008a3a", "product_id": "nodejs:14:8060020230306170237:ad008a3a", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@14:8060020230306170237:ad008a3a" } } }, { "category": "product_version", "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "product": { "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "product_id": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, "product_reference": "nodejs:14:8060020230306170237:ad008a3a", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch" }, "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-4904", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168631" } ], "notes": [ { "category": "description", "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4904" }, { "category": "external", "summary": "RHBZ#2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "category": "external", "summary": "https://github.com/c-ares/c-ares/issues/496", "url": "https://github.com/c-ares/c-ares/issues/496" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "acknowledgments": [ { "names": [ "VVX7" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-35256", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-09-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130518" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35256" }, { "category": "external", "summary": "RHBZ#2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256", "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" }, { "cve": "CVE-2023-23918", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171935" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: Permissions policies can be bypassed via process.mainModule", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23918" }, { "category": "external", "summary": "RHBZ#2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Node.js: Permissions policies can be bypassed via process.mainModule" }, { "cve": "CVE-2023-23920", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172217" } ], "notes": [ { "category": "description", "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23920" }, { "category": "external", "summary": "RHBZ#2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable" } ] }
rhsa-2023_1043
Vulnerability from csaf_redhat
Published
2023-03-01 22:02
Modified
2024-09-19 07:52
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7
Notes
Topic
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1043", "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1043.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7", "tracking": { "current_release_date": "2024-09-19T07:52:19+00:00", "generator": { "date": "2024-09-19T07:52:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1043", "initial_release_date": "2023-03-01T22:02:40+00:00", "revision_history": [ { "date": "2023-03-01T22:02:40+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T22:02:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:52:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.6-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1043" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2022_6813
Vulnerability from csaf_redhat
Published
2022-10-05 10:44
Modified
2024-09-19 07:52
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fix(es):
* chart.js: prototype pollution (CVE-2020-7746)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)
* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)
* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)
* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)
* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)
* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)
* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)
* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)\n\n* cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)\n\n* jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)\n\n* org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)\n\n* parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)\n\n* xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6813", "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2041833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2076133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133" }, { "category": "external", "summary": "2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "2096966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966" }, { "category": "external", "summary": "2103584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2107994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_6813.json" } ], "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.1 security update", "tracking": { "current_release_date": "2024-09-19T07:52:10+00:00", "generator": { "date": "2024-09-19T07:52:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:6813", "initial_release_date": "2022-10-05T10:44:49+00:00", "revision_history": [ { "date": "2022-10-05T10:44:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-05T10:44:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:52:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHPAM 7.13.1 async", "product": { "name": "RHPAM 7.13.1 async", "product_id": "RHPAM 7.13.1 async", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7746", "discovery_date": "2020-10-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2096966" } ], "notes": [ { "category": "description", "text": "A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object\u0027s keys that are being set are not checked, possibly allowing a prototype pollution.", "title": "Vulnerability description" }, { "category": "summary", "text": "chart.js: prototype pollution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7746" }, { "category": "external", "summary": "RHBZ#2096966", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096966" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7746", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7746" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7746" } ], "release_date": "2020-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "chart.js: prototype pollution" }, { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-23436", "discovery_date": "2021-10-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041833" } ], "notes": [ { "category": "description", "text": "A prototype pollution flaw was found in the Node.js immer module. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23436" }, { "category": "external", "summary": "RHBZ#2041833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041833" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23436", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23436" } ], "release_date": "2021-09-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "immer: type confusion vulnerability can lead to a bypass of CVE-2020-28477" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-0722", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2022-07-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2103584" } ], "notes": [ { "category": "description", "text": "A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0722" }, { "category": "external", "summary": "RHBZ#2103584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103584" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0722", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0722" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0722" }, { "category": "external", "summary": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226", "url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226" } ], "release_date": "2022-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url" }, { "cve": "CVE-2022-1365", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "discovery_date": "2022-04-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2076133" } ], "notes": [ { "category": "description", "text": "A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.", "title": "Vulnerability description" }, { "category": "summary", "text": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1365" }, { "category": "external", "summary": "RHBZ#2076133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1365", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1365" }, { "category": "external", "summary": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/", "url": "https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/" } ], "release_date": "2022-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor" }, { "acknowledgments": [ { "names": [ "Paulino Calderon" ], "organization": "Websec" } ], "cve": "CVE-2022-1415", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2065505" } ], "notes": [ { "category": "description", "text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "drools: unsafe data deserialization in StreamUtils", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1415" }, { "category": "external", "summary": "RHBZ#2065505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065505" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1415", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1415" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "drools: unsafe data deserialization in StreamUtils" }, { "cve": "CVE-2022-1650", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "discovery_date": "2022-05-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2085307" } ], "notes": [ { "category": "description", "text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.", "title": "Vulnerability description" }, { "category": "summary", "text": "eventsource: Exposure of Sensitive Information", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1650" }, { "category": "external", "summary": "RHBZ#2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1650" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650" }, { "category": "external", "summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e" } ], "release_date": "2022-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "eventsource: Exposure of Sensitive Information" }, { "cve": "CVE-2022-2458", "cwe": { "id": "CWE-91", "name": "XML Injection (aka Blind XPath Injection)" }, "discovery_date": "2022-07-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107994" } ], "notes": [ { "category": "description", "text": "An XML external entity injection(XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application\u0027s processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, the XML external entity injection leads to External Service interaction and an Internal file read in Business Central and Kie-Server APIs.", "title": "Vulnerability description" }, { "category": "summary", "text": "Business-central: Possible XML External Entity Injection attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2458" }, { "category": "external", "summary": "RHBZ#2107994", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107994" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2458", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2458" } ], "release_date": "2022-07-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Business-central: Possible XML External Entity Injection attack" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-21724", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050863" } ], "notes": [ { "category": "description", "text": "pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes", "title": "Vulnerability summary" }, { "category": "other", "text": "According to the patch upstream the scoring of this issue has been severely reduced and is no longer considered an RCE. Therefore, the flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6, 7 and 8.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21724" }, { "category": "external", "summary": "RHBZ#2050863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21724" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4", "url": "https://github.com/advisories/GHSA-v7wg-cpwc-24m4" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24771", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067387" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestAlgorithm structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24771" }, { "category": "external", "summary": "RHBZ#2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery" }, { "cve": "CVE-2022-24772", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067458" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestInfo ASN.1 structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24772" }, { "category": "external", "summary": "RHBZ#2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "RHPAM 7.13.1 async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-26520", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2022-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064007" } ], "notes": [ { "category": "description", "text": "A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql-jdbc: Arbitrary File Write Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat informs that although there\u0027s a difference from NVD CVSSv3 score there\u0027s a especial occasion in this CVE that maintain it as a moderate. The scenario for an attacker to get a benefit in this situation requires them to have access to modify a configuration file and write a file where it\u0027s needed. This require non-default configuration and also it\u0027s not expected to allow an untrusted user to perform this kind of setting.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-26520" }, { "category": "external", "summary": "RHBZ#2064007", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064007" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-26520", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26520" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql-jdbc: Arbitrary File Write Vulnerability" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.1 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nRed Hat recommends that you halt the server by stopping the JBoss Application Server process before installing this update. After installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link. You must log in to download the update.", "product_ids": [ "RHPAM 7.13.1 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6813" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.1 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" } ] }
rhsa-2022_1739
Vulnerability from csaf_redhat
Published
2022-05-05 18:02
Modified
2024-09-18 04:47
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update
Notes
Topic
An update for is now available for OpenShift Service Mesh 2.1.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the containers for the release.
Security Fix(es):
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)
* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for is now available for OpenShift Service Mesh 2.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the containers for the release.\n\nSecurity Fix(es):\n\n* minimist: prototype pollution (CVE-2021-44906)\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)\n* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)\n* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1739", "url": "https://access.redhat.com/errata/RHSA-2022:1739" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2053259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "2067461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461" }, { "category": "external", "summary": "OSSM-1435", "url": "https://issues.redhat.com/browse/OSSM-1435" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_1739.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update", "tracking": { "current_release_date": "2024-09-18T04:47:27+00:00", "generator": { "date": "2024-09-18T04:47:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:1739", "initial_release_date": "2022-05-05T18:02:37+00:00", "revision_history": [ { "date": "2022-05-05T18:02:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-05T18:02:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:47:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Service Mesh 2.1", "product": { "name": "OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.9-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.9-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.2-3" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.9-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.9-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.2-3" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.9-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.9-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.2-3" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-0536", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2022-02-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053259" } ], "notes": [ { "category": "description", "text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0536" }, { "category": "external", "summary": "RHBZ#2053259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536" } ], "release_date": "2022-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak" }, { "cve": "CVE-2022-24771", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067387" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestAlgorithm structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24771" }, { "category": "external", "summary": "RHBZ#2067387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067387" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24771", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24771" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24771" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery" }, { "cve": "CVE-2022-24772", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067458" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects the DigestInfo ASN.1 structure.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24772" }, { "category": "external", "summary": "RHBZ#2067458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24772" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery" }, { "cve": "CVE-2022-24773", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2022-03-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2067461" } ], "notes": [ { "category": "description", "text": "A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-forge: Signature verification leniency in checking `DigestInfo` structure", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:1b9dbbab044ab8e968d2759a11d703bd25cd9ea398f781810d8ee42f17bea6ae_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:5474cbf94f487f1562ad768a229a73c103c853dc5dfa2efb3a3eb77729256bf9_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:cfa0361b9fe8e40a81fe5f1e278ad7a3598567e0ae80a84345ef0a520c1be8f4_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:278b369e56a3d9d15e06140446dcc25cd58279c001f81305c2cd4431a5d17901_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:bec742ce66c9d1c1bd484c404d3e80e11d72e118f990df3d24bbb0d66e04d498_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:c39704bb84a8a070752c0eb4c507c4a73f2fb90eaf563ca8e48a27fadafc8775_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24773" }, { "category": "external", "summary": "RHBZ#2067461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067461" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24773" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24773" }, { "category": "external", "summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr", "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr" } ], "release_date": "2022-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1739" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:00bf086034f38940086c4f92343b5e239d590cb35b2019d71e4cdb4f0f28b61e_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b4adcc404793aa643428a07885581241286ed0593ca88c2ae0593efc20a9244e_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:ec7762e97ecec4a90cd93393bcca856a22643c5df52e3605adb7463b27866849_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-forge: Signature verification leniency in checking `DigestInfo` structure" } ] }
rhsa-2022_4914
Vulnerability from csaf_redhat
Published
2022-06-06 09:29
Modified
2024-09-16 21:41
Summary
Red Hat Security Advisory: rh-nodejs12-nodejs security, bug fix, and enhancement update
Notes
Topic
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.22.12). This is the last planned rebase before the collection reaches End of Life.
Security Fix(es):
* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701)
* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712)
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)
* llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.22.12). This is the last planned rebase before the collection reaches End of Life.\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701)\n\n* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)\n\n* llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4914", "url": "https://access.redhat.com/errata/RHSA-2022:4914" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1999731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999731" }, { "category": "external", "summary": "1999739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739" }, { "category": "external", "summary": "2014057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057" }, { "category": "external", "summary": "2014059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059" }, { "category": "external", "summary": "2024702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_4914.json" } ], "title": "Red Hat Security Advisory: rh-nodejs12-nodejs security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-16T21:41:18+00:00", "generator": { "date": "2024-09-16T21:41:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:4914", "initial_release_date": "2022-06-06T09:29:16+00:00", "revision_history": [ { "date": "2022-06-06T09:29:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T09:29:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T21:41:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "product": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "product_id": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.12-2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "product_id": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "product_id": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.22.12-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "product": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "product_id": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.14.16-12.22.12.2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.22.12-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "product": { "name": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "product_id": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-docs@12.22.12-2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "product_id": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.12-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "product_id": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.22.12-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "product": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "product_id": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.14.16-12.22.12.2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.22.12-2.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs@12.22.12-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-devel@12.22.12-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "product": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "product_id": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-npm@6.14.16-12.22.12.2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "product": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "product_id": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs12-nodejs-debuginfo@12.22.12-2.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64" }, "product_reference": "rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch" }, "product_reference": "rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le" }, "product_reference": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x" }, "product_reference": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" }, "product_reference": "rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3918", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2021-11-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2024702" } ], "notes": [ { "category": "description", "text": "The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-json-schema: Prototype pollution vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "npm versions 8.0.0 and older provide a vulnerable version of the json-schema library. However, it is currently believed that in the context of npm, it is not possible to take advantage of the vulnerability.\n\nRed Hat Enterprise Linux version 8 and Software Collections provide a vulnerable version of the json-schema library only as embedded in the npm package. As a result, the severity of the incident has been lowered for these 2 products.\n\nRed Hat Quay includes json-schema as a development dependency of quay-registry-container. As a result, the impact rating has been lowered to Moderate.\n\nIn Red Hat OpenShift Container Platform (RHOCP), Red Hat Openshift Data Foundations (ODF), Red Hat distributed tracing, Migration Toolkit for Virtualization (MTV) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable json-schema library to authenticated users only, therefore the impact is reduced to Moderate.\n\nIn Red Hat Openshift Data Foundations (ODF) the odf4/mcg-core-rhel8 component has \"Will not fix status\", but starting from ODF 4.11 stream this component contains already patched version of the json-schema library. Earlier version of ODF are already under Maintenance Support phase, hence this vulnerability will not be fixed.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3918" }, { "category": "external", "summary": "RHBZ#2024702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918" } ], "release_date": "2021-10-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-json-schema: Prototype pollution vulnerability" }, { "cve": "CVE-2021-22959", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2014057" } ], "notes": [ { "category": "description", "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "llhttp: HTTP Request Smuggling due to spaces in headers", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22959" }, { "category": "external", "summary": "RHBZ#2014057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22959", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22959" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/" } ], "release_date": "2021-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "llhttp: HTTP Request Smuggling due to spaces in headers" }, { "cve": "CVE-2021-22960", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2014059" } ], "notes": [ { "category": "description", "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-22960" }, { "category": "external", "summary": "RHBZ#2014059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22960", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22960" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/" } ], "release_date": "2021-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests" }, { "cve": "CVE-2021-37701", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-08-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1999731" } ], "notes": [ { "category": "description", "text": "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories. This flaw allows an untrusted tar file to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems. The highest threat from this vulnerability is to integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37701" }, { "category": "external", "summary": "RHBZ#1999731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999731" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37701", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701" }, { "category": "external", "summary": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc", "url": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc" }, { "category": "external", "summary": "https://www.npmjs.com/advisories/1779", "url": "https://www.npmjs.com/advisories/1779" } ], "release_date": "2021-08-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite" }, { "cve": "CVE-2021-37712", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2021-08-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1999739" } ], "notes": [ { "category": "description", "text": "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an untrusted tar file to extract and overwrite files into an arbitrary location. The highest threat from this vulnerability is to integrity and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37712" }, { "category": "external", "summary": "RHBZ#1999739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37712", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712" }, { "category": "external", "summary": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p", "url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p" }, { "category": "external", "summary": "https://www.npmjs.com/advisories/1780", "url": "https://www.npmjs.com/advisories/1780" } ], "release_date": "2021-08-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite" }, { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-debuginfo-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-devel-0:12.22.12-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs12-nodejs-docs-0:12.22.12-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs12-npm-0:6.14.16-12.22.12.2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" } ] }
rhsa-2022_8652
Vulnerability from csaf_redhat
Published
2022-11-28 14:39
Modified
2024-09-19 07:52
Summary
Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update
Notes
Topic
A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)
* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)
* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [fuse-7] (CVE-2021-3717)
* json-smart: Denial of Service in JSONParserByteArray function [fuse-7] (CVE-2021-31684)
* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7] (CVE-2021-44906)
* urijs: Authorization Bypass Through User-Controlled Key [fuse-7] (CVE-2022-0613)
* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections [fuse-7] (CVE-2022-25857)
* urijs: Leading white space bypasses protocol validation [fuse-7] (CVE-2022-24723)
* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)
* netty: world readable temporary file containing sensitive data [fuse-7] (CVE-2022-24823)
* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [fuse-7] (CVE-2022-31197)
* commons-configuration2: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)
* commons-text: apache-commons-text: variable interpolation RCE [fuse-7] (CVE-2022-42889)
* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)
* moment: inefficient parsing algorithm resulting in DoS [fuse-7] (CVE-2022-31129)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7] (CVE-2022-38749)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)\n\n* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template attribute [fuse-7] (CVE-2019-8331)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [fuse-7] (CVE-2021-3717)\n\n* json-smart: Denial of Service in JSONParserByteArray function [fuse-7] (CVE-2021-31684)\n\n* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7] (CVE-2021-44906)\n\n* urijs: Authorization Bypass Through User-Controlled Key [fuse-7] (CVE-2022-0613)\n\n* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections [fuse-7] (CVE-2022-25857)\n\n* urijs: Leading white space bypasses protocol validation [fuse-7] (CVE-2022-24723)\n\n* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)\n\n* netty: world readable temporary file containing sensitive data [fuse-7] (CVE-2022-24823)\n\n* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [fuse-7] (CVE-2022-31197)\n\n* commons-configuration2: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)\n\n* commons-text: apache-commons-text: variable interpolation RCE [fuse-7] (CVE-2022-42889)\n\n* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)\n\n* moment: inefficient parsing algorithm resulting in DoS [fuse-7] (CVE-2022-31129)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7] (CVE-2022-38749)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8652", "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1686454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454" }, { "category": "external", "summary": "1991305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305" }, { "category": "external", "summary": "2055496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055496" }, { "category": "external", "summary": "2062370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062370" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "2095862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862" }, { "category": "external", "summary": "2102695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102695" }, { "category": "external", "summary": "2105067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105067" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129428" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2136141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_8652.json" } ], "title": "Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update", "tracking": { "current_release_date": "2024-09-19T07:52:53+00:00", "generator": { "date": "2024-09-19T07:52:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:8652", "initial_release_date": "2022-11-28T14:39:27+00:00", "revision_history": [ { "date": "2022-11-28T14:39:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-28T14:39:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:52:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7.11.1", "product": { "name": "Red Hat Fuse 7.11.1", "product_id": "Red Hat Fuse 7.11.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-8331", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1686454" } ], "notes": [ { "category": "description", "text": "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: XSS in the tooltip or popover data-template attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-8331" }, { "category": "external", "summary": "RHBZ#1686454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686454" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-8331", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331" } ], "release_date": "2019-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: XSS in the tooltip or popover data-template attribute" }, { "cve": "CVE-2021-3717", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2021-07-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1991305" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3717" }, { "category": "external", "summary": "RHBZ#1991305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717" } ], "release_date": "2021-08-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users" }, { "cve": "CVE-2021-31684", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-06-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2102695" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Denial of Service in JSONParserByteArray function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31684" }, { "category": "external", "summary": "RHBZ#2102695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31684", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31684", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31684" } ], "release_date": "2021-06-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json-smart: Denial of Service in JSONParserByteArray function" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0613", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "discovery_date": "2022-02-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2055496" } ], "notes": [ { "category": "description", "text": "A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch.", "title": "Vulnerability description" }, { "category": "summary", "text": "urijs: Authorization Bypass Through User-Controlled Key", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0613" }, { "category": "external", "summary": "RHBZ#2055496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0613", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0613" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0613", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0613" } ], "release_date": "2022-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "urijs: Authorization Bypass Through User-Controlled Key" }, { "cve": "CVE-2022-2048", "cwe": { "id": "CWE-410", "name": "Insufficient Resource Pool" }, "discovery_date": "2022-08-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2116952" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "http2-server: Invalid HTTP/2 requests cause DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2048" }, { "category": "external", "summary": "RHBZ#2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" } ], "release_date": "2022-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http2-server: Invalid HTTP/2 requests cause DoS" }, { "cve": "CVE-2022-2053", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2095862" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Large AJP request may cause DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2053" }, { "category": "external", "summary": "RHBZ#2095862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2053" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053" } ], "release_date": "2022-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "undertow: Large AJP request may cause DoS" }, { "cve": "CVE-2022-24723", "cwe": { "id": "CWE-1173", "name": "Improper Use of Validation Framework" }, "discovery_date": "2022-03-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2062370" } ], "notes": [ { "category": "description", "text": "An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation.", "title": "Vulnerability description" }, { "category": "summary", "text": "urijs: Leading white space bypasses protocol validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24723" }, { "category": "external", "summary": "RHBZ#2062370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24723" } ], "release_date": "2022-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "urijs: Leading white space bypasses protocol validation" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat Fuse 7.11.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "Red Hat Fuse 7.11.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-31197", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129428" } ], "notes": [ { "category": "description", "text": "A flaw was found in PostgresQL. This flaw allows an attacker to benefit from a miss escaping character and leads to a SQL injection attack due to Java.sql.ResultRow.refreshRow() implementation from PGSQL.", "title": "Vulnerability description" }, { "category": "summary", "text": "postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names", "title": "Vulnerability summary" }, { "category": "other", "text": "User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be presented soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31197" }, { "category": "external", "summary": "RHBZ#2129428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129428" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31197", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31197" }, { "category": "external", "summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2", "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2" } ], "release_date": "2022-08-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names" }, { "cve": "CVE-2022-33980", "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105067" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Configuration\u0027s variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite embeds affected commons-configuration2 with Candlepin, however, product is not affected since vulnerable org.apache.commons.configuration2.interpol.Lookup is not exposed in code. Product Security has rated this vulnerability Low for Satellite and there is no harm identified to confidentiality, integrity, and availability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-33980" }, { "category": "external", "summary": "RHBZ#2105067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105067" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-33980", "url": "https://www.cve.org/CVERecord?id=CVE-2022-33980" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33980", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33980" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-41853", "cwe": { "id": "CWE-470", "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)" }, "discovery_date": "2022-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136141" } ], "notes": [ { "category": "description", "text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", "title": "Vulnerability description" }, { "category": "summary", "text": "hsqldb: Untrusted input may lead to RCE attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41853" }, { "category": "external", "summary": "RHBZ#2136141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853" }, { "category": "external", "summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", "url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682", "url": "https://github.com/advisories/GHSA-77xx-rxvh-q682" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "workaround", "details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", "product_ids": [ "Red Hat Fuse 7.11.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hsqldb: Untrusted input may lead to RCE attack" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.11.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.11.1 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/", "product_ids": [ "Red Hat Fuse 7.11.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "Red Hat Fuse 7.11.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Fuse 7.11.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" } ] }
rhsa-2023_1044
Vulnerability from csaf_redhat
Published
2023-03-01 21:45
Modified
2024-09-19 07:52
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8
Notes
Topic
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1044", "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2138971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_1044.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8", "tracking": { "current_release_date": "2024-09-19T07:52:09+00:00", "generator": { "date": "2024-09-19T07:52:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:1044", "initial_release_date": "2023-03-01T21:45:12+00:00", "revision_history": [ { "date": "2023-03-01T21:45:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-01T21:45:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-19T07:52:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.6-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.6-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14040", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601614" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14040" }, { "category": "external", "summary": "RHBZ#1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute" }, { "cve": "CVE-2018-14042", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601617" } ], "notes": [ { "category": "description", "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", "title": "Vulnerability description" }, { "category": "summary", "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14042" }, { "category": "external", "summary": "RHBZ#1601617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip" }, { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "acknowledgments": [ { "names": [ "Marcus Nilsson" ], "organization": "usd AG" } ], "cve": "CVE-2022-1274", "cwe": { "id": "CWE-80", "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" }, "discovery_date": "2022-04-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073157" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: HTML injection in execute-actions-email Admin REST API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1274" }, { "category": "external", "summary": "RHBZ#2073157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725" } ], "release_date": "2023-02-28T18:57:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: HTML injection in execute-actions-email Admin REST API" }, { "acknowledgments": [ { "names": [ "Grzegorz Tworek" ], "organization": "SISOFT s.c." } ], "cve": "CVE-2022-1438", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031904" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: XSS on impersonation under specific circumstances", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1438" }, { "category": "external", "summary": "RHBZ#2031904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438" } ], "release_date": "2023-02-28T18:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: XSS on impersonation under specific circumstances" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-2764", "discovery_date": "2022-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117506" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2764" }, { "category": "external", "summary": "RHBZ#2117506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" } ], "release_date": "2022-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations" }, { "acknowledgments": [ { "names": [ "Peter Flintholm" ], "organization": "Trifork" } ], "cve": "CVE-2022-3916", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2022-11-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2141404" } ], "notes": [ { "category": "description", "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Session takeover with OIDC offline refreshtokens", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3916" }, { "category": "external", "summary": "RHBZ#2141404", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Session takeover with OIDC offline refreshtokens" }, { "cve": "CVE-2022-4137", "cwe": { "id": "CWE-81", "name": "Improper Neutralization of Script in an Error Message Web Page" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148496" } ], "notes": [ { "category": "description", "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: reflected XSS attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4137" }, { "category": "external", "summary": "RHBZ#2148496", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137" } ], "release_date": "2023-03-01T13:56:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "keycloak: reflected XSS attack" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38749", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129706" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38749" }, { "category": "external", "summary": "RHBZ#2129706", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode" }, { "cve": "CVE-2022-38750", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129707" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38750" }, { "category": "external", "summary": "RHBZ#2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject" }, { "cve": "CVE-2022-38751", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2129709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38751" }, { "category": "external", "summary": "RHBZ#2129709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751" } ], "release_date": "2022-09-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-46363", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155681" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: directory listing / code exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "category": "external", "summary": "RHBZ#2155681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "category": "external", "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: directory listing / code exfiltration" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "CXF: SSRF Vulnerability" }, { "acknowledgments": [ { "names": [ "Sourav Kumar" ], "organization": "https://github.com/souravs17031999", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0091", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Client Registration endpoint does not check token revocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0091" }, { "category": "external", "summary": "RHBZ#2158585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg" }, { "category": "external", "summary": "https://github.com/keycloak/security/issues/27", "url": "https://github.com/keycloak/security/issues/27" } ], "release_date": "2022-10-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Client Registration endpoint does not check token revocation" }, { "acknowledgments": [ { "names": [ "Jordi Zayuelas i Mu\u00f1oz" ], "organization": "A1 Digital", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2023-0264", "cwe": { "id": "CWE-303", "name": "Incorrect Implementation of Authentication Algorithm" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2160585" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: user impersonation via stolen uuid code", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0264" }, { "category": "external", "summary": "RHBZ#2160585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264" } ], "release_date": "2023-02-28T18:58:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1044" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.6-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: user impersonation via stolen uuid code" } ] }
rhsa-2022_5893
Vulnerability from csaf_redhat
Published
2022-08-03 18:01
Modified
2024-09-16 07:49
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\n* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5893", "url": "https://access.redhat.com/errata/RHSA-2022:5893" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "JBEAP-17119", "url": "https://issues.redhat.com/browse/JBEAP-17119" }, { "category": "external", "summary": "JBEAP-23344", "url": "https://issues.redhat.com/browse/JBEAP-23344" }, { "category": "external", "summary": "JBEAP-23361", "url": "https://issues.redhat.com/browse/JBEAP-23361" }, { "category": "external", "summary": "JBEAP-23444", "url": "https://issues.redhat.com/browse/JBEAP-23444" }, { "category": "external", "summary": "JBEAP-23492", "url": "https://issues.redhat.com/browse/JBEAP-23492" }, { "category": "external", "summary": "JBEAP-23526", "url": "https://issues.redhat.com/browse/JBEAP-23526" }, { "category": "external", "summary": "JBEAP-23528", "url": "https://issues.redhat.com/browse/JBEAP-23528" }, { "category": "external", "summary": "JBEAP-23546", "url": "https://issues.redhat.com/browse/JBEAP-23546" }, { "category": "external", "summary": "JBEAP-23550", "url": "https://issues.redhat.com/browse/JBEAP-23550" }, { "category": "external", "summary": "JBEAP-23551", "url": "https://issues.redhat.com/browse/JBEAP-23551" }, { "category": "external", "summary": "JBEAP-23554", "url": "https://issues.redhat.com/browse/JBEAP-23554" }, { "category": "external", "summary": "JBEAP-23556", "url": "https://issues.redhat.com/browse/JBEAP-23556" }, { "category": "external", "summary": "JBEAP-23557", "url": "https://issues.redhat.com/browse/JBEAP-23557" }, { "category": "external", "summary": "JBEAP-23559", "url": "https://issues.redhat.com/browse/JBEAP-23559" }, { "category": "external", "summary": "JBEAP-23561", "url": "https://issues.redhat.com/browse/JBEAP-23561" }, { "category": "external", "summary": "JBEAP-23566", "url": "https://issues.redhat.com/browse/JBEAP-23566" }, { "category": "external", "summary": "JBEAP-23571", "url": "https://issues.redhat.com/browse/JBEAP-23571" }, { "category": "external", "summary": "JBEAP-23626", "url": "https://issues.redhat.com/browse/JBEAP-23626" }, { "category": "external", "summary": "JBEAP-23659", "url": "https://issues.redhat.com/browse/JBEAP-23659" }, { "category": "external", "summary": "JBEAP-23671", "url": "https://issues.redhat.com/browse/JBEAP-23671" }, { "category": "external", "summary": "JBEAP-23686", "url": "https://issues.redhat.com/browse/JBEAP-23686" }, { "category": "external", "summary": "JBEAP-23726", "url": "https://issues.redhat.com/browse/JBEAP-23726" }, { "category": "external", "summary": "JBEAP-23728", "url": "https://issues.redhat.com/browse/JBEAP-23728" }, { "category": "external", "summary": "JBEAP-23806", "url": "https://issues.redhat.com/browse/JBEAP-23806" }, { "category": "external", "summary": "JBEAP-23807", "url": "https://issues.redhat.com/browse/JBEAP-23807" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5893.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update", "tracking": { "current_release_date": "2024-09-16T07:49:47+00:00", "generator": { "date": "2024-09-16T07:49:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:5893", "initial_release_date": "2022-08-03T18:01:48+00:00", "revision_history": [ { "date": "2022-08-03T18:01:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-08-03T18:01:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T07:49:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.13-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.13-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jandex@2.4.2-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-4.SP05_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-2.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-2.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.13-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.13-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.13-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.13-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.13-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-10.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "product": { "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "product_id": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-10.Final_redhat_00009.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-2.redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.77-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.52-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.25-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.12-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.12-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.12-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.12-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.3-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.3-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-5.SP06_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-26.SP12_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-26.SP12_redhat_00014.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.18-2.SP2_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-18.Final_redhat_00017.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-18.Final_redhat_00017.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-18.Final_redhat_00017.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.6-5.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.6-5.GA_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.6-5.GA_redhat_00002.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "product_id": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-21.SP12_redhat_00011.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.13-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jandex@2.4.2-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-4.SP05_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-2.SP2_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.13-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "product_id": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.13-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "product": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "product_id": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-10.Final_redhat_00009.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-2.redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.3-2.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.77-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.77-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.52-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.27-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.25-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64@2.2.2-1.Final_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.12-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.3-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-5.SP06_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-26.SP12_redhat_00014.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.18-2.SP2_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-18.Final_redhat_00017.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.6-5.GA_redhat_00002.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.77-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.77-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64@2.2.2-1.Final_redhat_00002.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el8-x86_64-debuginfo@2.2.2-1.Final_redhat_00002.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src" }, "product_reference": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch" }, "product_reference": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5893" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5893" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.27-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-el8-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5893" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" } ] }
rhsa-2022_5894
Vulnerability from csaf_redhat
Published
2022-08-03 18:02
Modified
2024-09-16 07:49
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a first release for Red Hat JBoss Enterprise Application Platform 7.4 on Red Hat Enterprise Linux 9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)
* netty: world readable temporary file containing sensitive data (CVE-2022-24823)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a first release for Red Hat JBoss Enterprise Application Platform 7.4 on Red Hat Enterprise Linux 9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)\n\n* org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)\n\n* netty: world readable temporary file containing sensitive data (CVE-2022-24823)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5894", "url": "https://access.redhat.com/errata/RHSA-2022:5894" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "JBEAP-17119", "url": "https://issues.redhat.com/browse/JBEAP-17119" }, { "category": "external", "summary": "JBEAP-22457", "url": "https://issues.redhat.com/browse/JBEAP-22457" }, { "category": "external", "summary": "JBEAP-23344", "url": "https://issues.redhat.com/browse/JBEAP-23344" }, { "category": "external", "summary": "JBEAP-23444", "url": "https://issues.redhat.com/browse/JBEAP-23444" }, { "category": "external", "summary": "JBEAP-23492", "url": "https://issues.redhat.com/browse/JBEAP-23492" }, { "category": "external", "summary": "JBEAP-23526", "url": "https://issues.redhat.com/browse/JBEAP-23526" }, { "category": "external", "summary": "JBEAP-23528", "url": "https://issues.redhat.com/browse/JBEAP-23528" }, { "category": "external", "summary": "JBEAP-23546", "url": "https://issues.redhat.com/browse/JBEAP-23546" }, { "category": "external", "summary": "JBEAP-23550", "url": "https://issues.redhat.com/browse/JBEAP-23550" }, { "category": "external", "summary": "JBEAP-23551", "url": "https://issues.redhat.com/browse/JBEAP-23551" }, { "category": "external", "summary": "JBEAP-23554", "url": "https://issues.redhat.com/browse/JBEAP-23554" }, { "category": "external", "summary": "JBEAP-23556", "url": "https://issues.redhat.com/browse/JBEAP-23556" }, { "category": "external", "summary": "JBEAP-23557", "url": "https://issues.redhat.com/browse/JBEAP-23557" }, { "category": "external", "summary": "JBEAP-23559", "url": "https://issues.redhat.com/browse/JBEAP-23559" }, { "category": "external", "summary": "JBEAP-23561", "url": "https://issues.redhat.com/browse/JBEAP-23561" }, { "category": "external", "summary": "JBEAP-23566", "url": "https://issues.redhat.com/browse/JBEAP-23566" }, { "category": "external", "summary": "JBEAP-23571", "url": "https://issues.redhat.com/browse/JBEAP-23571" }, { "category": "external", "summary": "JBEAP-23626", "url": "https://issues.redhat.com/browse/JBEAP-23626" }, { "category": "external", "summary": "JBEAP-23659", "url": "https://issues.redhat.com/browse/JBEAP-23659" }, { "category": "external", "summary": "JBEAP-23671", "url": "https://issues.redhat.com/browse/JBEAP-23671" }, { "category": "external", "summary": "JBEAP-23686", "url": "https://issues.redhat.com/browse/JBEAP-23686" }, { "category": "external", "summary": "JBEAP-23726", "url": "https://issues.redhat.com/browse/JBEAP-23726" }, { "category": "external", "summary": "JBEAP-23728", "url": "https://issues.redhat.com/browse/JBEAP-23728" }, { "category": "external", "summary": "JBEAP-23806", "url": "https://issues.redhat.com/browse/JBEAP-23806" }, { "category": "external", "summary": "JBEAP-23807", "url": "https://issues.redhat.com/browse/JBEAP-23807" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5894.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.", "tracking": { "current_release_date": "2024-09-16T07:49:55+00:00", "generator": { "date": "2024-09-16T07:49:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:5894", "initial_release_date": "2022-08-03T18:02:24+00:00", "revision_history": [ { "date": "2022-08-03T18:02:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-08-03T18:02:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-16T07:49:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-0:1-18.el9eap.src", "product": { "name": "eap7-0:1-18.el9eap.src", "product_id": "eap7-0:1-18.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7@1-18.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el9eap?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-aesh-extensions@1.8.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "product": { "name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el9eap?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "product": { "name": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "product_id": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javapackages-tools@3.4.1-5.15.6.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-api@1.1.2-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-cli@1.4.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "product": { "name": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "product_id": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-collections@3.2.2-9.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.15.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "product_id": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-caffeine@2.8.8-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-common@3.3.3-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "product": { "name": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "product_id": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jctools@2.1.2-1.redhat_00003.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "product": { "name": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "product_id": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-lang2@2.6.0-1.redhat_7.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jettison@1.4.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "product_id": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-atinject@1.0.3-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.11.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-common-tools@1.3.2-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-dmr@1.5.1-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-concurrent@1.1.1-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.5-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "product": { "name": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "product_id": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gnu-getopt@1.0.13-6.redhat_5.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-json@1.1.6-2.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-beanvalidation-api@2.0.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-aesh@2.4.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "product_id": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.8.0-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "product_id": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-java-classmate@1.5.1-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "product_id": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxbintros@1.0.3-1.GA_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "product_id": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jakarta-security-enterprise-api@1.0.2-3.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "product": { "name": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "product_id": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxen@1.1.6-14.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jansi@1.18.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "product_id": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.14-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "product": { "name": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "product_id": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wsdl4j@1.6.3-13.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-common-beans@2.0.1-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb3-ext-api@2.3.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "product_id": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.13-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jsonb-spec@1.0.2-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "product": { "name": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "product_id": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-joda-time@2.9.7-2.redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "product": { "name": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "product_id": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jul-to-slf4j-stub@1.0.1-7.Final_redhat_3.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-xnio-transport@0.1.9-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "product_id": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-iiop-client@1.0.1-3.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata@13.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.12-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "product": { "name": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "product_id": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-security-xacml@2.0.8-17.Final_redhat_8.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-openjdk-orb@8.1.4-3.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-threads@2.4.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-stdio@1.1.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "product": { "name": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "product_id": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-stax-ex@1.8.3-2.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "product_id": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-stax2-api@4.2.1-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "product_id": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-staxmapper@1.3.0-2.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.9-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "product_id": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-js@1.0.2-2.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "product": { "name": "eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "product_id": "eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-vdx@1.1.6-2.redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-security-negotiation@3.0.6-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "product": { "name": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "product_id": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-seam-int@7.0.0-6.GA_redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "product_id": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cryptacular@1.2.4-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "product": { "name": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "product_id": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-3.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "product": { "name": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "product_id": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-antlr@2.7.7-54.redhat_7.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-agroal@1.3.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "product": { "name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "product_id": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "product": { "name": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "product_id": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cal10n@0.8.1-6.redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "product_id": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-jaxws-undertow-httpspi@1.0.1-3.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "product_id": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.9.4-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-aesh-readline@2.2.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "product": { "name": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "product_id": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-reactive-streams@1.0.3-2.redhat_00003.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.5-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "product_id": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaee-jpa-spec@2.2.3-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-jboss-logmanager@1.1.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "product_id": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-json-patch@1.9.0-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "product": { "name": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "product_id": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-commons@1.0.0-4.final_redhat_5.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.9-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting-jmx@3.0.4-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "product_id": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-reactivex-rxjava2@2.2.20-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "product": { "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "product_id": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "product": { "name": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "product_id": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-2.redhat_00005.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "product": { "name": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "product_id": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-commons-resolver@1.2.0-7.redhat_12.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "product": { "name": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "product_id": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jcip-annotations@1.0.0-5.redhat_8.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "product_id": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-commons-logging-jboss-logging@1.0.0-1.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.6.3-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-batch-api_1.0_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxb-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaspi-api_1.1_spec@2.0.1-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-connector-api_1.7_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-3.1-api@3.1.0-6.SP3_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-el-api_3.0_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxws-api_2.3_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxrpc-api_1.1_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-j2eemgmt-api_1.1_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "product": { "name": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "product_id": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-transaction-api_1.3_spec@2.0.0-4.Final_redhat_00005.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-saaj-api_1.4_spec@1.0.2-1.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-websocket-api_1.1_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-concurrency-api_1.0_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jacc-api_1.5_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jms-api_2.0_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-api_3.2_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-saaj-1.4-impl@1.4.1-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-servlet-api_4.0_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "product": { "name": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "product_id": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codehaus-jackson@1.9.13-10.redhat_00007.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "product": { "name": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "product_id": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-saaj-1.3-impl@1.3.16-18.SP1_redhat_6.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "product_id": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-saaj-api_1.3_spec@1.0.6-1.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxrs-api_2.1_spec@2.0.1-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-interceptors-api_1.2_spec@2.0.0-3.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "product": { "name": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "product_id": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-cdi-2.0-api@2.0.2-2.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "product": { "name": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "product_id": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-ws-metadata-2.0-api@1.0.0-7.MR1_redhat_8.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "product": { "name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "product_id": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-3.redhat_00007.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "product": { "name": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "product_id": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-transaction-spi@7.6.0-2.Final_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "product": { "name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "product_id": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-byte-buddy@1.11.12-2.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "product": { "name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "product_id": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javassist@3.27.0-2.GA_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.0-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-sshd@2.7.0-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.0.202109080827-1.r_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "product_id": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-reactivex-rxjava@3.0.9-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hornetq@2.4.8-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-classfilewriter@1.2.5-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups@4.2.15-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.4-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.3-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.44-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "product_id": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaewah@1.1.7-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-shibboleth-java-support@7.3.0-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "product": { "name": "eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "product_id": "eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-tomcat-taglibs-standard@1.2.6-2.1.RC1_redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "product_id": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml@3.3.1-1.1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "product": { "name": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "product_id": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-neethi@3.1.1-1.1.redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-discovery@1.2.1-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-xjc-utils@3.3.1-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.1.7-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.2.7-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "product": { "name": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "product_id": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j@1.7.22-4.1.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-azure@1.3.1-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-woodstox-core@6.0.3-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-client-config@1.0.1-2.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-istack-commons@3.0.10-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-httpcomponents-asyncclient@4.1.4-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "product": { "name": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "product_id": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-avro@1.7.6-7.1.redhat_2.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "product": { "name": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "product_id": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-mime4j@0.6.0-4.1.redhat_7.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.4-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-commons-annotations@5.0.5-1.1.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "product": { "name": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "product_id": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-fastinfoset@1.2.13-11.1.redhat_1.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.12-1.1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jaxb@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-azure-storage@8.6.6-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.2-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "product_id": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mustache-java@0.9.6-1.1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el9eap?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logging@3.4.1-2.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-1.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.52-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-2.redhat_00004.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "product": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "product_id": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-10.Final_redhat_00009.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.77-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.77-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.27-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jandex@2.4.2-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "product_id": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.13-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "product_id": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-2.SP2_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "product_id": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-4.SP05_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.13-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "product": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "product_id": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.13-1.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.25-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.3-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.12-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "product": { "name": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "product_id": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el9-x86_64@2.2.2-1.Final_redhat_00002.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-5.SP06_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.3.1-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-26.SP12_redhat_00014.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "product": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "product_id": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.18-2.SP2_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-18.Final_redhat_00017.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "product": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "product_id": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.6-5.GA_redhat_00002.1.el9eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-0:1-18.el9eap.x86_64", "product": { "name": "eap7-0:1-18.el9eap.x86_64", "product_id": "eap7-0:1-18.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7@1-18.el9eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-runtime-0:1-18.el9eap.x86_64", "product": { "name": "eap7-runtime-0:1-18.el9eap.x86_64", "product_id": "eap7-runtime-0:1-18.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-runtime@1-18.el9eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "product": { "name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "product_id": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-3.redhat_1.el9eap?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "product": { "name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "product_id": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-3.redhat_1.el9eap?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.77-1.Final_redhat_00001.1.el9eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.77-1.Final_redhat_00001.1.el9eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "product_id": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el9-x86_64@2.2.2-1.Final_redhat_00002.1.el9eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "product": { "name": "eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "product_id": "eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-el9-x86_64-debuginfo@2.2.2-1.Final_redhat_00002.1.el9eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.0.2-1.redhat_00001.1.el9eap?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-aesh-extensions@1.8.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "product": { "name": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "product_id": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javapackages-tools@3.4.1-5.15.6.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "product": { "name": "eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "product_id": "eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-python3-javapackages@3.4.1-5.15.6.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-api@1.1.2-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-cli@1.4.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "product_id": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-collections@3.2.2-9.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-codec@1.15.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-caffeine@2.8.8-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-common@3.3.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "product": { "name": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "product_id": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jctools@2.1.2-1.redhat_00003.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "product": { "name": "eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "product_id": "eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jctools-core@2.1.2-1.redhat_00003.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "product_id": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-lang2@2.6.0-1.redhat_7.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jettison@1.4.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-atinject@1.0.3-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-lang@3.11.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-common-tools@1.3.2-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-dmr@1.5.1-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-concurrent@1.1.1-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "product_id": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-btf@1.2.0-1.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-javamail@1.6.5-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jaf@1.2.2-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "product": { "name": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "product_id": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gnu-getopt@1.0.13-6.redhat_5.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-json@1.1.6-2.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-beanvalidation-api@2.0.2-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-aesh@2.4.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-coreutils@1.8.0-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-java-classmate@1.5.1-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxbintros@1.0.3-1.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jakarta-security-enterprise-api@1.0.2-3.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "product_id": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxen@1.1.6-14.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jasypt@1.9.3-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jansi@1.18.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-httpcomponents-core@4.4.14-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "product_id": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wsdl4j@1.6.3-13.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-common-beans@2.0.1-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb3-ext-api@2.3.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-httpcomponents-client@4.5.13-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jsonb-spec@1.0.2-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "product_id": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-joda-time@2.9.7-2.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j2-jboss-logmanager@1.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "product": { "name": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "product_id": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jul-to-slf4j-stub@1.0.1-7.Final_redhat_3.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-xnio-transport@0.1.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-iiop-client@1.0.1-3.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata@13.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata-appclient@13.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata-common@13.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata-ear@13.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata-ejb@13.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-metadata-web@13.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-msc@1.4.12-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "product": { "name": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "product_id": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-security-xacml@2.0.8-17.Final_redhat_8.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-openjdk-orb@8.1.4-3.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-threads@2.4.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-stdio@1.1.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "product_id": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-stax-ex@1.8.3-2.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-stax2-api@4.2.1-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-staxmapper@1.3.0-2.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-jastow@2.0.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-js@1.0.2-2.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "product_id": "eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-vdx-core@1.1.6-2.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "product_id": "eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-vdx-wildfly@1.1.6-2.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-security-negotiation@3.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "product": { "name": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "product_id": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-seam-int@7.0.0-6.GA_redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cryptacular@1.2.4-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_id": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-3.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "product": { "name": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "product_id": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-antlr@2.7.7-54.redhat_7.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-agroal@1.3.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-agroal-api@1.3.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-agroal-narayana@1.3.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-agroal-pool@1.3.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "product_id": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaee-security-soteria@1.0.1-3.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "product_id": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaee-security-soteria-enterprise@1.0.1-3.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "product_id": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cal10n@0.8.1-6.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-failureaccess@1.0.1-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ws-commons-XmlSchema@2.2.5-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-jaxws-undertow-httpspi@1.0.1-3.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.9.4-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-aesh-readline@2.2.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "product_id": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-fge-msg-simple@1.1.0-1.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "product": { "name": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "product_id": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-reactive-streams@1.0.3-2.redhat_00003.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-protostream@4.3.5-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaee-jpa-spec@2.2.3-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-jboss-logmanager@1.1.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-json-patch@1.9.0-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "product": { "name": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "product_id": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-commons@1.0.0-4.final_redhat_5.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-genericjms@2.0.9-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting-jmx@3.0.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-reactivex-rxjava2@2.2.20-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-dom4j@2.1.3-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "product": { "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "product_id": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_id": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-2.redhat_00005.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-2.redhat_00005.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_id": "eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.68.0-2.redhat_00005.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-2.redhat_00005.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-2.redhat_00005.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "product": { "name": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "product_id": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-commons-resolver@1.2.0-7.redhat_12.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "product": { "name": "eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "product_id": "eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-resolver@1.2.0-7.redhat_12.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "product": { "name": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "product_id": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jcip-annotations@1.0.0-5.redhat_8.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-commons-logging-jboss-logging@1.0.0-1.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-invocation@1.6.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-batch-api_1.0_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxb-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaspi-api_1.1_spec@2.0.1-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-connector-api_1.7_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-3.1-api@3.1.0-6.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-3.1-api-weld-api@3.1.0-6.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-3.1-api-weld-spi@3.1.0-6.SP3_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-el-api_3.0_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxws-api_2.3_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxrpc-api_1.1_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-j2eemgmt-api_1.1_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "product": { "name": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "product_id": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-transaction-api_1.3_spec@2.0.0-4.Final_redhat_00005.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-saaj-api_1.4_spec@1.0.2-1.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-websocket-api_1.1_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-concurrency-api_1.0_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jacc-api_1.5_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jms-api_2.0_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-api_3.2_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.0-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-saaj-1.4-impl@1.4.1-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-servlet-api_4.0_spec@2.0.0-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logmanager@2.1.18-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-velocity-engine-core@2.3.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_id": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codehaus-jackson@1.9.13-10.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_id": "eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codehaus-jackson-core-asl@1.9.13-10.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_id": "eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codehaus-jackson-jaxrs@1.9.13-10.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_id": "eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codehaus-jackson-mapper-asl@1.9.13-10.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_id": "eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codehaus-jackson-xc@1.9.13-10.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "product": { "name": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "product_id": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-saaj-1.3-impl@1.3.16-18.SP1_redhat_6.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-saaj-api_1.3_spec@1.0.6-1.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jaxrs-api_2.1_spec@2.0.1-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-interceptors-api_1.2_spec@2.0.0-3.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "product_id": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-cdi-2.0-api@2.0.2-2.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "product": { "name": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "product_id": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-ws-metadata-2.0-api@1.0.0-7.MR1_redhat_8.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "product": { "name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "product_id": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-3.redhat_00007.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "product_id": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-transaction-spi@7.6.0-2.Final_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "product_id": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-byte-buddy@1.11.12-2.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javassist@3.27.0-2.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.0-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-sshd@2.7.0-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.0.202109080827-1.r_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-reactivex-rxjava@3.0.9-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hornetq@2.4.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hornetq-commons@2.4.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hornetq-core-client@2.4.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hornetq-jms-client@2.4.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-classfilewriter@1.2.5-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups@4.2.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.44-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-javaewah@1.1.7-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jgroups@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search-backend-jms@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search-engine@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search-orm@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-search-serialization-avro@5.10.7-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-shibboleth-java-support@7.3.0-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product_id": "eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-taglibs-standard-compat@1.2.6-2.1.RC1_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product_id": "eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-taglibs-standard-impl@1.2.6-2.1.RC1_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product": { "name": "eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product_id": "eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-taglibs-standard-spec@1.2.6-2.1.RC1_redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-core@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-profile-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-saml-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-saml-impl@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-security-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-security-impl@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-soap-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-xacml-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-xacml-impl@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-xacml-saml-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-xacml-saml-impl@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-xmlsec-api@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-opensaml-xmlsec-impl@3.3.1-1.1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "product_id": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-neethi@3.1.1-1.1.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-discovery-client@1.2.1-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-xjc-utils@3.3.1-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cxf-xjc-boolean@3.3.1-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cxf-xjc-bug986@3.3.1-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cxf-xjc-dv@3.3.1-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cxf-xjc-runtime@3.3.1-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-cxf-xjc-ts@3.3.1-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.14-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.1.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.2.7-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product_id": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j@1.7.22-4.1.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product_id": "eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-api@1.7.22-4.1.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product_id": "eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-ext@1.7.22-4.1.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups-azure@1.3.1-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-woodstox-core@6.0.3-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava@30.1.0-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-guava-libraries@30.1.0-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-client-config@1.0.1-2.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-istack-commons-runtime@3.0.10-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-istack-commons-tools@3.0.10-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-sun-istack-commons@3.0.10-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-httpcomponents-asyncclient@4.1.4-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "product": { "name": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "product_id": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-avro@1.7.6-7.1.redhat_2.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "product": { "name": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "product_id": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-mime4j@0.6.0-4.1.redhat_7.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-common@1.5.4-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-commons-annotations@5.0.5-1.1.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-jta@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-web@3.1.6-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "product_id": "eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-FastInfoset@1.2.13-11.1.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "product": { "name": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "product_id": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-fastinfoset@1.2.13-11.1.redhat_1.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.12-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.12-1.1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-codemodel@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jaxb@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxb-jxc@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxb-runtime@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaxb-xjc@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-relaxng-datatype@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-rngom@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-txw2@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_id": "eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xsom@2.3.3-4.1.b02_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-azure-storage@8.6.6-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.2-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mustache-java@0.9.6-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mustache-java-compiler@0.9.6-1.1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-compensations@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbosstxbridge@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jbossxts@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-idlj@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-jts-integration@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-api@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-bridge@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-integration@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-restat-util@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-narayana-txframework@5.11.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xom@1.3.7-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-objectweb-asm@9.1.0-1.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-vfs@3.2.16-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-yasson@1.0.10-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "product_id": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ecj@3.26.0-1.redhat_00002.1.el9eap?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-logging@3.4.1-2.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.4-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-1.Final_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.52-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-2.redhat_00004.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "product": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "product_id": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-10.Final_redhat_00009.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "product": { "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "product_id": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-10.Final_redhat_00009.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.3-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.77-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.27-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.27-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.27-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jandex@2.4.2-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-21.SP12_redhat_00011.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.13-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.13-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-2.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-2.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "product_id": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-4.SP05_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.13-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.3.13-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.3.13-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.3.13-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.3.13-1.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.25-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@2.2.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@2.2.3-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.12-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.12-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.12-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.12-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-5.SP06_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-spi@3.3.1-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-26.SP12_redhat_00014.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-26.SP12_redhat_00014.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.18-2.SP2_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-18.Final_redhat_00017.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-18.Final_redhat_00017.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-18.Final_redhat_00017.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.6-5.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.6-5.GA_redhat_00002.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.6-5.GA_redhat_00002.1.el9eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-0:1-18.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src" }, "product_reference": "eap7-0:1-18.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-0:1-18.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64" }, "product_reference": "eap7-0:1-18.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch" }, "product_reference": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src" }, "product_reference": "eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src" }, "product_reference": "eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch" }, "product_reference": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src" }, "product_reference": "eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch" }, "product_reference": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src" }, "product_reference": "eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src" }, "product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64" }, "product_reference": "eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64" }, "product_reference": "eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src" }, "product_reference": "eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src" }, "product_reference": "eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src" }, "product_reference": "eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src" }, "product_reference": "eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src" }, "product_reference": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src" }, "product_reference": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src" }, "product_reference": "eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch" }, "product_reference": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src" }, "product_reference": "eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch" }, "product_reference": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src" }, "product_reference": "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch" }, "product_reference": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src" }, "product_reference": "eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src" }, "product_reference": "eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src" }, "product_reference": "eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch" }, "product_reference": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src" }, "product_reference": "eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch" }, "product_reference": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src" }, "product_reference": "eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch" }, "product_reference": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src" }, "product_reference": "eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch" }, "product_reference": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src" }, "product_reference": "eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch" }, "product_reference": "eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src" }, "product_reference": "eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch" }, "product_reference": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src" }, "product_reference": "eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src" }, "product_reference": "eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src" }, "product_reference": "eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch" }, "product_reference": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src" }, "product_reference": "eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch" }, "product_reference": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src" }, "product_reference": "eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch" }, "product_reference": "eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch" }, "product_reference": "eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch" }, "product_reference": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src" }, "product_reference": "eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-runtime-0:1-18.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64" }, "product_reference": "eap7-runtime-0:1-18.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src" }, "product_reference": "eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch" }, "product_reference": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src" }, "product_reference": "eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch" }, "product_reference": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src" }, "product_reference": "eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src" }, "product_reference": "eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src" }, "product_reference": "eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src" }, "product_reference": "eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch" }, "product_reference": "eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src" }, "product_reference": "eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src" }, "product_reference": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch" }, "product_reference": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src" }, "product_reference": "eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch" }, "product_reference": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src" }, "product_reference": "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch" }, "product_reference": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src" }, "product_reference": "eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch" }, "product_reference": "eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5894" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-24823", "cwe": { "id": "CWE-379", "name": "Creation of Temporary File in Directory with Insecure Permissions" }, "discovery_date": "2022-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087186" } ], "notes": [ { "category": "description", "text": "CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: world readable temporary file containing sensitive data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users.\n\nRed Hat Satellite 6 is not affected as is using netty 3.6.7 version which is not impacted by this vulnerability.\n\nRed Hat Fuse 7 is now in Maintenance Support Phase and should be fixed soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24823" }, { "category": "external", "summary": "RHBZ#2087186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24823", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823" } ], "release_date": "2022-05-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5894" }, { "category": "workaround", "details": "As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.", "product_ids": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: world readable temporary file containing sensitive data" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2080850" } ], "notes": [ { "category": "description", "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25647" }, { "category": "external", "summary": "RHBZ#2080850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647" } ], "release_date": "2022-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5894" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.src", "9Base-JBEAP-7.4:eap7-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-FastInfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-extensions-0:1.8.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-aesh-readline-0:2.2.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-0:1.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-agroal-api-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-narayana-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-agroal-pool-0:1.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-antlr-0:2.7.7-54.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-cli-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-codec-0:1.15.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-collections-0:3.2.2-9.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang-0:3.11.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-commons-lang2-0:2.6.0-1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.3.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.3.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-cxf-xjc-utils-0:3.3.1-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-mime4j-0:0.6.0-4.1.redhat_7.1.el9eap.src", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-apache-sshd-0:2.7.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.src", "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-3.redhat_1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-atinject-0:1.0.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-avro-0:1.7.6-7.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-azure-storage-0:8.6.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.68.0-2.redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.68.0-2.redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-byte-buddy-0:1.11.12-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-caffeine-0:2.8.8-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cal10n-0:0.8.1-6.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-0:1.9.13-10.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-codehaus-jackson-core-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-jaxrs-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-mapper-asl-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codehaus-jackson-xc-0:1.9.13-10.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-codemodel-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-commons-logging-jboss-logging-0:1.0.0-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cryptacular-0:1.2.4-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-cxf-xjc-boolean-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-bug986-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-dv-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-runtime-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-cxf-xjc-ts-0:3.3.1-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-dom4j-0:2.1.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ecj-1:3.26.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.0.202109080827-1.r_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.2-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-concurrent-0:1.1.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-fastinfoset-0:1.2.13-11.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaf-0:1.2.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-javamail-0:1.6.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jaxb-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-4.SP05_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-glassfish-json-0:1.1.6-2.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gnu-getopt-0:1.0.13-6.redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-gson-0:2.8.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-guava-libraries-0:30.1.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.27-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-beanvalidation-api-0:2.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-commons-annotations-0:5.0.5-1.1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.27-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jgroups-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-backend-jms-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-engine-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-orm-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-search-serialization-avro-0:5.10.7-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-0:2.4.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hornetq-commons-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-core-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hornetq-jms-client-0:2.4.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-asyncclient-0:4.1.4-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-httpcomponents-core-0:4.4.14-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.3-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.3-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-runtime-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-istack-commons-tools-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-coreutils-0:1.8.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-2.redhat_00004.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jakarta-security-enterprise-api-0:1.0.2-3.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jandex-0:2.4.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jansi-0:1.18.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jasypt-0:1.9.3-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-java-classmate-0:1.5.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-jpa-spec-0:2.2.3-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-0:1.0.1-3.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javaee-security-soteria-enterprise-0:1.0.1-3.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javaewah-0:1.1.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javapackages-tools-0:3.4.1-5.15.6.el9eap.src", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-javassist-0:3.27.0-2.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxb-jxc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-runtime-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxb-xjc-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxbintros-0:1.0.3-1.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jaxen-0:1.1.6-14.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-aesh-0:2.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-batch-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-classfilewriter-0:1.2.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-common-beans-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-concurrency-api_1.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-connector-api_1.7_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-dmr-0:1.5.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-api_3.2_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb-client-0:4.0.44-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-ejb3-ext-api-0:2.3.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-el-api_3.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-genericjms-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-iiop-client-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-interceptors-api_1.2_spec-0:2.0.0-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-invocation-0:1.6.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-j2eemgmt-api_1.1_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jacc-api_1.5_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaspi-api_1.1_spec-0:2.0.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxb-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrpc-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxrs-api_2.1_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jaxws-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jms-api_2.0_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-5.SP06_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logging-0:3.4.1-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.12-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-0:13.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-metadata-appclient-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-common-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ear-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-ejb-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-metadata-web-0:13.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-msc-0:1.4.12-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-openjdk-orb-0:8.1.4-3.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.25-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-remoting-jmx-0:3.0.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.3_spec-0:1.0.6-1.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-saaj-api_1.4_spec-0:1.0.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-seam-int-0:7.0.0-6.GA_redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-negotiation-0:3.0.6-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-security-xacml-0:2.0.8-17.Final_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-18.Final_redhat_00017.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-18.Final_redhat_00017.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-servlet-api_4.0_spec-0:2.0.0-2.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-stdio-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-threads-0:2.4.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-api_1.3_spec-0:2.0.0-4.Final_redhat_00005.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-transaction-spi-0:7.6.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-vfs-0:3.2.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-websocket-api_1.1_spec-0:2.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-api-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-weld-3.1-api-weld-spi-0:3.1.0-6.SP3_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-api-0:1.1.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-0:3.3.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-common-tools-0:1.3.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-jaxws-undertow-httpspi-0:1.0.1-3.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jbossws-spi-0:3.3.1-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jcip-annotations-0:1.0.0-5.redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jctools-0:2.1.2-1.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jctools-core-0:2.1.2-1.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jettison-0:1.4.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-0:4.2.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-azure-0:1.3.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-joda-time-0:2.9.7-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-json-patch-0:1.9.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsonb-spec-0:1.0.2-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jsoup-0:1.14.2-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jul-to-slf4j-stub-0:1.0.1-7.Final_redhat_3.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-log4j2-jboss-logmanager-0:1.0.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-3.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mustache-java-0:0.9.6-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mustache-java-compiler-0:0.9.6-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-0:5.11.4-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-narayana-compensations-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbosstxbridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jbossxts-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-idlj-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-jts-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-api-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-bridge-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-integration-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-restat-util-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-narayana-txframework-0:5.11.4-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-neethi-0:3.1.1-1.1.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.52-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.77-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.77-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-xnio-transport-0:0.1.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-objectweb-asm-0:9.1.0-1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-0:3.3.1-1.1.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-opensaml-core-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-profile-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-security-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-soap-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xacml-saml-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-api-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-opensaml-xmlsec-impl-0:3.3.1-1.1.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-10.Final_redhat_00009.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketbox-commons-0:1.0.0-4.final_redhat_5.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-10.Final_redhat_00009.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-bindings-0:2.5.5-26.SP12_redhat_00014.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-common-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-config-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-federation-0:2.5.5-21.SP12_redhat_00011.1.el9eap.src", "9Base-JBEAP-7.4:eap7-picketlink-idm-api-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-idm-simple-schema-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-impl-0:2.5.5-21.SP12_redhat_00011.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-picketlink-wildfly8-0:2.5.5-26.SP12_redhat_00014.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-protostream-0:4.3.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-python3-javapackages-0:3.4.1-5.15.6.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactive-streams-0:1.0.3-2.redhat_00003.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava-0:3.0.9-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-reactivex-rxjava2-0:2.2.20-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-relaxng-datatype-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-rngom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-runtime-0:1-18.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-shibboleth-java-support-0:7.3.0-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-0:1.7.22-4.1.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-slf4j-api-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-ext-0:1.7.22-4.1.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-slf4j-jboss-logmanager-0:1.1.0-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.noarch", "9Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el9eap.src", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax-ex-0:1.8.3-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-stax2-api-0:4.2.1-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-staxmapper-0:1.3.0-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-istack-commons-0:3.0.10-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.3-impl-0:1.3.16-18.SP1_redhat_6.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-saaj-1.4-impl-0:1.4.1-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-sun-ws-metadata-2.0-api-0:1.0.0-7.MR1_redhat_8.1.el9eap.src", "9Base-JBEAP-7.4:eap7-taglibs-standard-compat-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-impl-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-taglibs-standard-spec-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-tomcat-taglibs-standard-0:1.2.6-2.1.RC1_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-txw2-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.18-2.SP2_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-jastow-0:2.0.9-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-js-0:1.0.2-2.Final_redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.2-2.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-0:1.1.6-2.redhat_1.1.el9eap.src", "9Base-JBEAP-7.4:eap7-vdx-core-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-vdx-wildfly-0:1.1.6-2.redhat_1.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-cdi-2.0-api-0:2.0.2-2.redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-jta-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-weld-web-0:3.1.6-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.6-5.GA_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-client-config-0:1.0.1-2.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-common-0:1.5.4-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-discovery-client-0:1.2.1-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.13-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.13-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.12-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.6-5.GA_redhat_00002.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-naming-client-0:1.0.14-1.1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-openssl-0:2.2.3-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-el9-x86_64-debuginfo-0:2.2.2-1.Final_redhat_00002.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-wildfly-openssl-java-0:2.2.3-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-woodstox-core-0:6.0.3-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wsdl4j-0:1.6.3-13.redhat_2.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-0:2.2.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wss4j-bindings-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-policy-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-common-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-dom-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-policy-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wss4j-ws-security-stax-0:2.2.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-commons-resolver-0:1.2.0-7.redhat_12.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xml-resolver-0:1.2.0-7.redhat_12.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xml-security-0:2.1.7-1.1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-xom-0:1.3.7-1.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-xsom-0:2.3.3-4.1.b02_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-yasson-0:1.0.10-1.redhat_00001.1.el9eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson" } ] }
rhsa-2023_0612
Vulnerability from csaf_redhat
Published
2023-02-06 19:42
Modified
2024-09-18 14:43
Summary
Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update
Notes
Topic
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.1), rh-nodejs14-nodejs-nodemon (2.0.20). (BZ#2129806, BZ#2135519, BZ#2135520, BZ#2141022)
Security Fix(es):
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* rh-nodejs14-nodejs: Provide full-i18n subpackage (BZ#2009880)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.1), rh-nodejs14-nodejs-nodemon (2.0.20). (BZ#2129806, BZ#2135519, BZ#2135520, BZ#2141022)\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: Provide full-i18n subpackage (BZ#2009880)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0612", "url": "https://access.redhat.com/errata/RHSA-2023:0612" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2009880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009880" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2129806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129806" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_0612.json" } ], "title": "Red Hat Security Advisory: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update", "tracking": { "current_release_date": "2024-09-18T14:43:26+00:00", "generator": { "date": "2024-09-18T14:43:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:0612", "initial_release_date": "2023-02-06T19:42:24+00:00", "revision_history": [ { "date": "2023-02-06T19:42:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-02-06T19:42:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T14:43:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "product": { "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "product_id": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.20-2.el7?arch=src" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "product": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "product": { "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "product_id": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-nodemon@2.0.20-2.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "product": { "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "product_id": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-docs@14.21.1-3.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "product_id": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.1-3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.1-3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "product": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "product_id": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.21.1.3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.1-3.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "product_id": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.1-3.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.1-3.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "product": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "product_id": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.21.1.3.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.1-3.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.1-3.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.1-3.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.1-3.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "product": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "product_id": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.17-14.21.1.3.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.1-3.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src" }, "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src" }, "product_reference": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" }, "product_reference": "rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0612" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.1-3.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.1-3.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.17-14.21.1.3.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" } ] }
rhsa-2023_0050
Vulnerability from csaf_redhat
Published
2023-01-09 14:55
Modified
2024-09-18 04:53
Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.1), nodejs-nodemon (2.0.20).
Security Fix(es):
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.1), nodejs-nodemon (2.0.20).\n\nSecurity Fix(es):\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0050", "url": "https://access.redhat.com/errata/RHSA-2023:0050" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142821" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_0050.json" } ], "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-18T04:53:27+00:00", "generator": { "date": "2024-09-18T04:53:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2023:0050", "initial_release_date": "2023-01-09T14:55:37+00:00", "revision_history": [ { "date": "2023-01-09T14:55:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-09T14:55:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:53:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:14:8070020221212161539:bd1311ed", "product": { "name": "nodejs:14:8070020221212161539:bd1311ed", "product_id": "nodejs:14:8070020221212161539:bd1311ed", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@14:8070020221212161539:bd1311ed" } } }, { "category": "product_version", "name": "nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "product": { "name": "nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "product_id": "nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "product_id": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_id": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_id": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_id": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_id": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_id": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "product": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "product_id": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.17-1.14.21.1.2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "product": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "product_id": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "product": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "product_id": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_id": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_id": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_id": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_id": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_id": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "product": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "product_id": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.17-1.14.21.1.2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_id": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_id": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_id": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_id": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_id": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "product": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "product_id": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.17-1.14.21.1.2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_id": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_id": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_id": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_id": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_id": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.1-2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64", "product": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64", "product_id": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.17-1.14.21.1.2.module%2Bel8.7.0%2B17528%2Ba329cd47?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, "product_reference": "nodejs:14:8070020221212161539:bd1311ed", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64" }, "product_reference": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le" }, "product_reference": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x" }, "product_reference": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src" }, "product_reference": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64" }, "product_reference": "nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64" }, "product_reference": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le" }, "product_reference": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x" }, "product_reference": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64" }, "product_reference": "nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64" }, "product_reference": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le" }, "product_reference": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x" }, "product_reference": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64" }, "product_reference": "nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64" }, "product_reference": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le" }, "product_reference": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x" }, "product_reference": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64" }, "product_reference": "nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch" }, "product_reference": "nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64" }, "product_reference": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le" }, "product_reference": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x" }, "product_reference": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64" }, "product_reference": "nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64" }, "product_reference": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le" }, "product_reference": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x" }, "product_reference": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64 as a component of nodejs:14:8070020221212161539:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" }, "product_reference": "npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0050" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0050" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0050" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0050" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0050" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debuginfo-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-debugsource-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-devel-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-docs-1:14.21.1-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-full-i18n-1:14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-nodemon-0:2.0.20-2.module+el8.7.0+17528+a329cd47.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020221212161539:bd1311ed:npm-1:6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" } ] }
ghsa-xvch-5gv4-984h
Vulnerability from github
Published
2022-03-18 00:01
Modified
2024-06-21 21:33
Severity
Summary
Prototype Pollution in minimist
Details
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file index.js
, function setKey()
(lines 69-95).
{ "affected": [ { "package": { "ecosystem": "npm", "name": "minimist" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.2.6" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "minimist" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.2.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-44906" ], "database_specific": { "cwe_ids": [ "CWE-1321" ], "github_reviewed": true, "github_reviewed_at": "2022-03-18T23:13:40Z", "nvd_published_at": "2022-03-17T16:15:00Z", "severity": "CRITICAL" }, "details": "Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file `index.js`, function `setKey()` (lines 69-95).", "id": "GHSA-xvch-5gv4-984h", "modified": "2024-06-21T21:33:51Z", "published": "2022-03-18T00:01:09Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/issues/11" }, { "type": "WEB", "url": "https://github.com/substack/minimist/issues/164" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/pull/24" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11" }, { "type": "WEB", "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" }, { "type": "WEB", "url": "https://github.com/minimistjs/minimist/commits/v0.2.4" }, { "type": "PACKAGE", "url": "https://github.com/substack/minimist" }, { "type": "WEB", "url": "https://github.com/substack/minimist/blob/master/index.js#L69" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" }, { "type": "WEB", "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Prototype Pollution in minimist" }
gsd-2021-44906
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-44906", "description": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "id": "GSD-2021-44906", "references": [ "https://www.suse.com/security/cve/CVE-2021-44906.html", "https://access.redhat.com/errata/RHSA-2022:1739", "https://access.redhat.com/errata/RHSA-2022:4914", "https://access.redhat.com/errata/RHSA-2022:5069", "https://access.redhat.com/errata/RHSA-2022:5892", "https://access.redhat.com/errata/RHSA-2022:5893", "https://access.redhat.com/errata/RHSA-2022:5894", "https://access.redhat.com/errata/RHSA-2022:5928", "https://access.redhat.com/errata/RHSA-2022:7044", "https://access.redhat.com/errata/RHSA-2022:8652", "https://access.redhat.com/errata/RHSA-2022:9073", "https://access.redhat.com/errata/RHSA-2023:0050", "https://advisories.mageia.org/CVE-2021-44906.html", "https://access.redhat.com/errata/RHSA-2023:0321", "https://access.redhat.com/errata/RHSA-2023:0612", "https://access.redhat.com/errata/RHSA-2023:1043", "https://access.redhat.com/errata/RHSA-2023:1044", "https://access.redhat.com/errata/RHSA-2023:1045", "https://access.redhat.com/errata/RHSA-2023:1047", "https://access.redhat.com/errata/RHSA-2023:1049", "https://access.redhat.com/errata/RHSA-2022:6813" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-44906" ], "details": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "id": "GSD-2021-44906", "modified": "2023-12-13T01:23:20.136690Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44906", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" }, { "name": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip", "refsource": "MISC", "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" }, { "name": "https://github.com/substack/minimist/blob/master/index.js#L69", "refsource": "MISC", "url": "https://github.com/substack/minimist/blob/master/index.js#L69" }, { "name": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068", "refsource": "MISC", "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" }, { "name": "https://github.com/substack/minimist/issues/164", "refsource": "MISC", "url": "https://github.com/substack/minimist/issues/164" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.2.6", "affected_versions": "All versions before 1.2.6", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-1321", "CWE-937" ], "date": "2022-04-12", "description": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).", "fixed_versions": [ "1.2.6" ], "identifier": "CVE-2021-44906", "identifiers": [ "CVE-2021-44906", "GHSA-xvch-5gv4-984h" ], "not_impacted": "All versions starting from 1.2.6", "package_slug": "npm/minimist", "pubdate": "2022-03-17", "solution": "Upgrade to version 1.2.6 or above.", "title": "Prototype Pollution in minimist", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "https://github.com/substack/minimist/issues/164", "https://github.com/substack/minimist/blob/master/index.js#L69", "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764", "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068", "https://github.com/advisories/GHSA-xvch-5gv4-984h" ], "uuid": "9d7c0895-2bb9-442d-9a89-eff7a63c0438" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:substack:minimist:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.2.6", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44906" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Minimist \u003c=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-1321" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip" }, { "name": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764", "refsource": "MISC", "tags": [ "Exploit", "Not Applicable", "Patch", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JS-MINIMIST-559764" }, { "name": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068", "refsource": "MISC", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068" }, { "name": "https://github.com/substack/minimist/issues/164", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/substack/minimist/issues/164" }, { "name": "https://github.com/substack/minimist/blob/master/index.js#L69", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/substack/minimist/blob/master/index.js#L69" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2022-04-12T16:52Z", "publishedDate": "2022-03-17T16:15Z" } } }
Loading...