Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-21534
Vulnerability from cvelistv5
Published
2024-10-11 05:00
Modified
2024-11-18 10:37
Severity ?
EPSS score ?
Summary
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.
**Note:**
There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | n/a | jsonpath-plus |
Version: 0 ≤ |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:jsonpath-plus:jsonpath:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jsonpath", "vendor": "jsonpath-plus", "versions": [ { "lessThan": "10.0.7", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21534", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T14:23:05.262400Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-22T19:13:34.790Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "jsonpath-plus", "vendor": "n/a", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "product": "org.webjars.npm:jsonpath-plus", "vendor": "n/a", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Andrea Angelo Raineri" } ], "descriptions": [ { "lang": "en", "value": "All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.\r\r**Note:**\r\rThere were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "Remote Code Execution (RCE)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-18T10:37:45.634Z", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884" }, { "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019" }, { "url": "https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0" }, { "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226" } ] } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2024-21534", "datePublished": "2024-10-11T05:00:01.824Z", "dateReserved": "2023-12-22T12:33:20.123Z", "dateUpdated": "2024-11-18T10:37:45.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-21534\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2024-10-11T13:15:15.667\",\"lastModified\":\"2024-11-18T11:15:06.447\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.\\r\\r**Note:**\\r\\rThere were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).\"},{\"lang\":\"es\",\"value\":\"Las versiones del paquete jsonpath-plus anteriores a la 10.0.0 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo (RCE) debido a una desinfecci\u00f3n de entrada incorrecta. Un atacante puede ejecutar c\u00f3digo arbitrario en el sistema aprovechando el uso inseguro predeterminado de vm en Node. **Nota:** El comportamiento inseguro sigue estando disponible despu\u00e9s de aplicar la correcci\u00f3n, pero no est\u00e1 activado de forma predeterminada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0\",\"source\":\"report@snyk.io\"},{\"url\":\"https://github.com/JSONPath-Plus/JSONPath/issues/226\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884\",\"source\":\"report@snyk.io\"}]}}" } }
rhsa-2024_10236
Vulnerability from csaf_redhat
Published
2024-11-25 19:44
Modified
2024-12-18 04:35
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.17 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
This release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Dev Spaces 3.17 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nThis release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10236", "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "CRW-7528", "url": "https://issues.redhat.com/browse/CRW-7528" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10236.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release", "tracking": { "current_release_date": "2024-12-18T04:35:59+00:00", "generator": { "date": "2024-12-18T04:35:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10236", "initial_release_date": "2024-11-25T19:44:38+00:00", "revision_history": [ { "date": "2024-11-25T19:44:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-25T19:44:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:35:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Dev Spaces 3", "product": { "name": "Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Dev Spaces" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_id": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_id": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_id": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_id": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "product_identification_helper": { "purl": "pkg:oci/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_id": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_id": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_id": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_id": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_id": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_id": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_id": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_id": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_id": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_id": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_id": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_id": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_id": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_id": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_id": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_id": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_id": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_id": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_id": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_id": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19" } } }, { "category": "product_version", "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_id": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "product_identification_helper": { "purl": "pkg:oci/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_id": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25" } } }, { "category": "product_version", "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_id": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "product_identification_helper": { "purl": "pkg:oci/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_id": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "product_identification_helper": { "purl": "pkg:oci/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_id": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59" } } }, { "category": "product_version", "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_id": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11" } } }, { "category": "product_version", "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_id": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20" } } }, { "category": "product_version", "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_id": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "product_identification_helper": { "purl": "pkg:oci/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest" } } }, { "category": "product_version", "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_id": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4" } } }, { "category": "product_version", "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_id": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "product_identification_helper": { "purl": "pkg:oci/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x" }, "product_reference": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64" }, "product_reference": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" }, "product_reference": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64" }, "product_reference": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le" }, "product_reference": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x" }, "product_reference": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le" }, "product_reference": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64" }, "product_reference": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" }, "product_reference": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64" }, "product_reference": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x" }, "product_reference": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64" }, "product_reference": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x" }, "product_reference": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le" }, "product_reference": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64" }, "product_reference": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64" }, "product_reference": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64" }, "product_reference": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le" }, "product_reference": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x" }, "product_reference": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64" }, "product_reference": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x" }, "product_reference": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" }, "product_reference": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x" }, "product_reference": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le" }, "product_reference": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "relates_to_product_reference": "8Base-RHOSDS-3" }, { "category": "default_component_of", "full_product_name": { "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64 as a component of Red Hat OpenShift Dev Spaces 3", "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" }, "product_reference": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64", "relates_to_product_reference": "8Base-RHOSDS-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2024-21534", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-10-11T06:00:50.977825+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317968" } ], "notes": [ { "category": "description", "text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability has been addressed, however, it is important to note that the unsafe behavior is still present but is no longer enabled by default. Developers using older versions or relying on this unsafe behavior could still be at risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21534" }, { "category": "external", "summary": "RHBZ#2317968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534" }, { "category": "external", "summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3", "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884", "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884" } ], "release_date": "2024-10-11T05:00:01.824000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization" }, { "cve": "CVE-2024-29415", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-05-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2284554" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-ip: Incomplete fix for CVE-2023-42282", "title": "Vulnerability summary" }, { "category": "other", "text": "For CVE-2023-42282, npm does not utilize the bundled code, therefore Red Hat Enterprise Linux is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29415" }, { "category": "external", "summary": "RHBZ#2284554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29415", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "node-ip: Incomplete fix for CVE-2023-42282" }, { "cve": "CVE-2024-34156", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:09.377905+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310528" } ], "notes": [ { "category": "description", "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "title": "Vulnerability description" }, { "category": "summary", "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "RHBZ#2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156" }, { "category": "external", "summary": "https://go.dev/cl/611239", "url": "https://go.dev/cl/611239" }, { "category": "external", "summary": "https://go.dev/issue/69139", "url": "https://go.dev/issue/69139" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3106", "url": "https://pkg.go.dev/vuln/GO-2024-3106" } ], "release_date": "2024-09-06T21:15:12.020000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45813", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-18T17:20:11.964011+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2313383" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "find-my-way: ReDoS vulnerability in multiparametric routes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45813" }, { "category": "external", "summary": "RHBZ#2313383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45813", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813" }, { "category": "external", "summary": "https://blakeembrey.com/posts/2024-09-web-redos", "url": "https://blakeembrey.com/posts/2024-09-web-redos" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440", "url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440" }, { "category": "external", "summary": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6", "url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6" } ], "release_date": "2024-09-18T17:15:19.163000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "find-my-way: ReDoS vulnerability in multiparametric routes" }, { "cve": "CVE-2024-47875", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-10-11T15:20:07.304345+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2318052" } ], "notes": [ { "category": "description", "text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: nesting-based mutation XSS vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47875" }, { "category": "external", "summary": "RHBZ#2318052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" } ], "release_date": "2024-10-11T15:15:05.860000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "dompurify: nesting-based mutation XSS vulnerability" }, { "cve": "CVE-2024-48949", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2024-10-10T01:00:37.956974+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2317724" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.", "title": "Vulnerability description" }, { "category": "summary", "text": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification", "title": "Vulnerability summary" }, { "category": "other", "text": "Thunderbird is not supported in Red Hat Enterprise Linux 7 ELS.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "known_not_affected": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-48949" }, { "category": "external", "summary": "RHBZ#2317724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-48949", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281", "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281" }, { "category": "external", "summary": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6", "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6" } ], "release_date": "2024-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T19:44:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification" } ] }
gsd-2024-21534
Vulnerability from gsd
Modified
2023-12-23 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-21534" ], "id": "GSD-2024-21534", "modified": "2023-12-23T06:02:09.510420Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2024-21534", "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } } } }
ghsa-pppg-cpfq-h7wr
Vulnerability from github
Published
2024-10-11 15:30
Modified
2024-11-18 18:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Details
Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.
Note:
There was an attempt to fix it in version 10.0.0 but it could still be exploited using different payloads.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "jsonpath-plus" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "10.0.7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.webjars.npm:jsonpath-plus" }, "ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "6.0.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-21534" ], "database_specific": { "cwe_ids": [ "CWE-94" ], "github_reviewed": true, "github_reviewed_at": "2024-10-14T16:27:22Z", "nvd_published_at": "2024-10-11T13:15:15Z", "severity": "CRITICAL" }, "details": "Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.\n\n**Note:**\n\nThere was an attempt to fix it in version [10.0.0](https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).", "id": "GHSA-pppg-cpfq-h7wr", "modified": "2024-11-18T18:32:07Z", "published": "2024-10-11T15:30:32Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534" }, { "type": "WEB", "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226" }, { "type": "WEB", "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226#issuecomment-2424230316" }, { "type": "WEB", "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3" }, { "type": "WEB", "url": "https://github.com/JSONPath-Plus/JSONPath/commit/b70aa713553caf838a63bac923195a5bc541fd72" }, { "type": "PACKAGE", "url": "https://github.com/JSONPath-Plus/JSONPath" }, { "type": "WEB", "url": "https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0" }, { "type": "WEB", "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019" }, { "type": "WEB", "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "JSONPath Plus Remote Code Execution (RCE) Vulnerability" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.